By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,829 Members | 1,828 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,829 IT Pros & Developers. It's quick & easy.

Cookies , Session Which is Better ? and Global.asa Question

P: n/a
Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.

I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.

Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.

which is safe and better .. creating cookies or creating session
variables.
can anyone give me the comparision
Jul 19 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
On 24 Jul 2004 03:30:34 -0700, am*******@yahoo.com (Amit D.Shinde)
wrote:
Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.
That's problematic, since closing the browser closes your potential
for a response from the client. If the cookie has no expiration, it
*should* expire when the user leaves your site, including when they
close the browser. In my experience, that isn't always what happens,
but it should do for what you need.
I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.
Think of global.asa as a global include file that handles events.
That's a little simplistic, but it'll help you understand the concepts
of what you're asking. You can do things when the session starts or
ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
applications. But in the case of a SESSION_ONEND, it happens at the
end of the session, not when the browser is closed (which may or may
not end the session). You can't use the application object since it
doesn't apply to the user. So there's no real way to detect the
browser being closed, since it doesn't end a session and doesn't send
a response back to the server.
Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.
Assuming you aren't using two sites that are identical, no.
which is safe and better .. creating cookies or creating session
variables.
Yes.
can anyone give me the comparision


There isn't a comparison like that available. Each has advantages and
disadvantages in specific situations. You need to learn the
difference in the technologies first, since they don't have the same
function and using cookies doesn't mean you don't use a session
variable, or visce versa.

In your mentioned situation you might do better with a cookie than a
session variable, but it really depends on what you're doing with the
information.

Might look at:

http://www.asp101.com/resources/apps_sessions_gasa.asp

Jeff
Jul 19 '05 #2

P: n/a
BTR
A little addition to Jeff's well thought out response:
COOKIES:
Cookies are best used when storing information that is generic like
browser settings, colors etc. for ( in most cases ) a longer amount of
time.

YOU SHOULD NEVER STORE PERSONALLY IDENTIFIABLE INFORMATION IN A
COOKIE!!!!!
The main reason for this being is safety, most people would store a
user name in a cookie name like uname or user or username or
user_name. I could write code that would run through those
combinations and the combinations of any other bit of information,
email, pw's ip's where they've surfed etc. and steal that information
to use for what ever purpose I needed.

If you needed to store personal information in a cookie use non
standard naming conventions and think about encrypting any specific
personal information you need to store. But like I said use as a last
resort.

Cookies (in most cases) can be called from multiple sites depending on
what you store in the info and know how to access it.

One advantage of using cookies is that the persons machine bears the
brunt of setting the cookie, storing that information etc. Unlike
sessions where the server takes the hit for having to store that
information.

SESSIONS:
Sessions are just as dangerous when storing personal information but
the danger is lessened if the server is "secured" etc. Although not
impossible - its much harder for me to hijack session information from
a user then it is for me to hijack cookie information. The server that
..asp file is running on bears the brunt of storing session information
in memory. Meaning, if you have a lot of people hitting your site at
any given time - server performance is reduced becuase the server is
using more memory to store session information.

The average time a session lasts is 20 mins. So, when your browser
hits the site the sessions starts counting down from there.

Sessions (in most cases) are site specific. It is possible to transfer
sessions to other sites but its not very practical.

Sessions do not die after the browser has closed down. If you have a
logout button on your site - make sure you use session.abandon to
kill any unwanted and unused sessions.

Rules of thumb for deciding which is better for your sites needs.
1. hi-traffic sites - use cookies
Moves some of the load off the server onto the persons browser

2. e-commerce sites - use sessions
quick and easy and doesnt store any personal information the persons
computer - can be killed once transaction is complete and the person
moves on to other websites.

3. site customization - use cookies
usually information like this is innoculous and is of no use to anyone
but your website.

Hope this helps a little
- Bastard
On Sat, 24 Jul 2004 13:56:19 GMT, je*********@zina.com (Jeff Cochran)
wrote:
On 24 Jul 2004 03:30:34 -0700, am*******@yahoo.com (Amit D.Shinde)
wrote:
Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.


That's problematic, since closing the browser closes your potential
for a response from the client. If the cookie has no expiration, it
*should* expire when the user leaves your site, including when they
close the browser. In my experience, that isn't always what happens,
but it should do for what you need.
I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.


Think of global.asa as a global include file that handles events.
That's a little simplistic, but it'll help you understand the concepts
of what you're asking. You can do things when the session starts or
ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
applications. But in the case of a SESSION_ONEND, it happens at the
end of the session, not when the browser is closed (which may or may
not end the session). You can't use the application object since it
doesn't apply to the user. So there's no real way to detect the
browser being closed, since it doesn't end a session and doesn't send
a response back to the server.
Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.


Assuming you aren't using two sites that are identical, no.
which is safe and better .. creating cookies or creating session
variables.


Yes.
can anyone give me the comparision


There isn't a comparison like that available. Each has advantages and
disadvantages in specific situations. You need to learn the
difference in the technologies first, since they don't have the same
function and using cookies doesn't mean you don't use a session
variable, or visce versa.

In your mentioned situation you might do better with a cookie than a
session variable, but it really depends on what you're doing with the
information.

Might look at:

http://www.asp101.com/resources/apps_sessions_gasa.asp

Jeff


Jul 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.