473,239 Members | 1,779 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,239 software developers and data experts.

Cookies , Session Which is Better ? and Global.asa Question

Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.

I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.

Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.

which is safe and better .. creating cookies or creating session
variables.
can anyone give me the comparision
Jul 19 '05 #1
2 3308
On 24 Jul 2004 03:30:34 -0700, am*******@yahoo.com (Amit D.Shinde)
wrote:
Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.
That's problematic, since closing the browser closes your potential
for a response from the client. If the cookie has no expiration, it
*should* expire when the user leaves your site, including when they
close the browser. In my experience, that isn't always what happens,
but it should do for what you need.
I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.
Think of global.asa as a global include file that handles events.
That's a little simplistic, but it'll help you understand the concepts
of what you're asking. You can do things when the session starts or
ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
applications. But in the case of a SESSION_ONEND, it happens at the
end of the session, not when the browser is closed (which may or may
not end the session). You can't use the application object since it
doesn't apply to the user. So there's no real way to detect the
browser being closed, since it doesn't end a session and doesn't send
a response back to the server.
Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.
Assuming you aren't using two sites that are identical, no.
which is safe and better .. creating cookies or creating session
variables.
Yes.
can anyone give me the comparision


There isn't a comparison like that available. Each has advantages and
disadvantages in specific situations. You need to learn the
difference in the technologies first, since they don't have the same
function and using cookies doesn't mean you don't use a session
variable, or visce versa.

In your mentioned situation you might do better with a cookie than a
session variable, but it really depends on what you're doing with the
information.

Might look at:

http://www.asp101.com/resources/apps_sessions_gasa.asp

Jeff
Jul 19 '05 #2
BTR
A little addition to Jeff's well thought out response:
COOKIES:
Cookies are best used when storing information that is generic like
browser settings, colors etc. for ( in most cases ) a longer amount of
time.

YOU SHOULD NEVER STORE PERSONALLY IDENTIFIABLE INFORMATION IN A
COOKIE!!!!!
The main reason for this being is safety, most people would store a
user name in a cookie name like uname or user or username or
user_name. I could write code that would run through those
combinations and the combinations of any other bit of information,
email, pw's ip's where they've surfed etc. and steal that information
to use for what ever purpose I needed.

If you needed to store personal information in a cookie use non
standard naming conventions and think about encrypting any specific
personal information you need to store. But like I said use as a last
resort.

Cookies (in most cases) can be called from multiple sites depending on
what you store in the info and know how to access it.

One advantage of using cookies is that the persons machine bears the
brunt of setting the cookie, storing that information etc. Unlike
sessions where the server takes the hit for having to store that
information.

SESSIONS:
Sessions are just as dangerous when storing personal information but
the danger is lessened if the server is "secured" etc. Although not
impossible - its much harder for me to hijack session information from
a user then it is for me to hijack cookie information. The server that
..asp file is running on bears the brunt of storing session information
in memory. Meaning, if you have a lot of people hitting your site at
any given time - server performance is reduced becuase the server is
using more memory to store session information.

The average time a session lasts is 20 mins. So, when your browser
hits the site the sessions starts counting down from there.

Sessions (in most cases) are site specific. It is possible to transfer
sessions to other sites but its not very practical.

Sessions do not die after the browser has closed down. If you have a
logout button on your site - make sure you use session.abandon to
kill any unwanted and unused sessions.

Rules of thumb for deciding which is better for your sites needs.
1. hi-traffic sites - use cookies
Moves some of the load off the server onto the persons browser

2. e-commerce sites - use sessions
quick and easy and doesnt store any personal information the persons
computer - can be killed once transaction is complete and the person
moves on to other websites.

3. site customization - use cookies
usually information like this is innoculous and is of no use to anyone
but your website.

Hope this helps a little
- Bastard
On Sat, 24 Jul 2004 13:56:19 GMT, je*********@zina.com (Jeff Cochran)
wrote:
On 24 Jul 2004 03:30:34 -0700, am*******@yahoo.com (Amit D.Shinde)
wrote:
Hello Experts..

I need some help regarding cookies and session objects and also
global.asa file

I am creating one cookie when a user logs in on my website.
The cookie stores the login name of the user. I want that cookie
should get deleted when user closes the browser without signing out.


That's problematic, since closing the browser closes your potential
for a response from the client. If the cookie has no expiration, it
*should* expire when the user leaves your site, including when they
close the browser. In my experience, that isn't always what happens,
but it should do for what you need.
I think it is done in global.asa file . But i don;t know how to do it?
Please Explain me the working of global.asa file.


Think of global.asa as a global include file that handles events.
That's a little simplistic, but it'll help you understand the concepts
of what you're asking. You can do things when the session starts or
ends, using the SESSION_ONSTART/SESSION_ONEND events. Same for
applications. But in the case of a SESSION_ONEND, it happens at the
end of the session, not when the browser is closed (which may or may
not end the session). You can't use the application object since it
doesn't apply to the user. So there's no real way to detect the
browser being closed, since it doesn't end a session and doesn't send
a response back to the server.
Also If I am creating a cookie and other site is also creating a
cookie of same name then does this will create a problem?.


Assuming you aren't using two sites that are identical, no.
which is safe and better .. creating cookies or creating session
variables.


Yes.
can anyone give me the comparision


There isn't a comparison like that available. Each has advantages and
disadvantages in specific situations. You need to learn the
difference in the technologies first, since they don't have the same
function and using cookies doesn't mean you don't use a session
variable, or visce versa.

In your mentioned situation you might do better with a cookie than a
session variable, but it really depends on what you're doing with the
information.

Might look at:

http://www.asp101.com/resources/apps_sessions_gasa.asp

Jeff


Jul 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: TG | last post by:
How can I test to ensure a visitors browser allows for cookies? When I recently setup my browser to not allow cookies and I visited my website my global and session variables stopped working...
2
by: kublai khan | last post by:
I am coming from (an elementary-level) javascript background. I set cookiesin select pages to see where the users are coming from and where they are going. It works quite nicely except that I'd...
1
by: windandwaves | last post by:
Hi Gurus I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few weeks. I have learned lots, but I am...
9
by: | last post by:
Is it possible for a user to enable permanent cookies but disable session cookies.....this seems like a contradition yet this is what I appear to be reading in online articles?
0
by: bb | last post by:
Hello In my Session_OnStart in Global.asa, I am setting some cookies. One of them, I set as follows: dim UserID UserID = Request.ServerVariables("LOGON_USER") Response.Cookies("User")("ID")...
3
by: Joey Powell | last post by:
This message was originally posted to the aspnet.security newsgroup, but no one there has ever heard of this before. That is why I am posting this message here, so that more people will see it... ...
3
by: Peter Row | last post by:
Hi, I better get the background stuff out the way first, so here goes: - Porting a VB6 webclass app to VB.NET using HttpHandlers and FormsAuthentication - When someone visits my site...
0
by: Mach Runner | last post by:
I am implementing a secure website using the ASP.NET FormsAuthentication model. I have taken the simplest code examples from MSDN (login.aspx,default.aspx, web.config) but cannot get proper...
10
by: _Who | last post by:
Given Request.Cookies and Response.Cookies in asp.net is there any reason to ever use javascript or any other method to use cookies? Thanks
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, youll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.