473,325 Members | 2,872 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

Sessions without cookies question

UserA has a PC running IE 6. This has the cookies disabled:
1 - Override automatic cookie handling: checked
2 - First party cookies: Block
3 - Third-party cookies: Block
4 - Always allow session cookies: Unchecked

The server runs a Classic ASP application running in IIS 5.x that uses the
session cache. These are different machines running within a LAN.

When UserA accesses the website, the ASP code retrieves some data from the
DB and puts it into the session cache and timestamps it (to give it a
time-to-live value).

When UserA accesses the site again, the ASP code checks the value of
Session("DatabaseSettings_DateAccessed") to see if the cache has expired.

Bizarrely, it picks up the correct date set on the previous visit.

I would have expected that, since UserA does not have session cookies
enabled, there should be no existing session identifier available for UserA.
So, how is IIS recognising UserA's session?

Thanks in advance

Griff

PS I originally posted this to the IIS group, but got no replies.
Jan 5 '07 #1
3 1779
Ah, Daniel Crichton replied in the other group with:
>The cookie settings are for the Internet Zone only - maybe the site is
being seen as being in the Local Intranet or Trusted Zone.
I guess that's the answer then.

Griff

Jan 5 '07 #2

"Griff" <ho*****@the.moonwrote in message
news:em**************@TK2MSFTNGP03.phx.gbl...
Ah, Daniel Crichton replied in the other group with:
The cookie settings are for the Internet Zone only - maybe the site is
being seen as being in the Local Intranet or Trusted Zone.

I guess that's the answer then.
Yes if you read the Advanced Privacy Settings dialog text more carefully you
will see that these setting apply to the internet zone only. Trusted and
Intranet zones are unaffected.
Jan 5 '07 #3
Anthony Jones wrote on 05 jan 2007 in
"Griff" <ho*****@the.moonwrote in message
>Ah, Daniel Crichton replied in the other group with:
>The cookie settings are for the Internet Zone only - maybe the site
is being seen as being in the Local Intranet or Trusted Zone.

I guess that's the answer then.

Yes if you read the Advanced Privacy Settings dialog text more
carefully you will see that these setting apply to the internet zone
only. Trusted and Intranet zones are unaffected.
Interesting.

So it could be a good advice to ones co-workers,
that do not trust na internet session cookie,
to set the company's site to trusted,
in stead of trying to convince them of
the harmlessness of internet session cookies?

Cyber psychology?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jan 5 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Paul | last post by:
I want to use sessions to cover myself in case the user switches off cookies so I am passing the session ID manually through a hidden input field. This is what I have so far. index.php page...
1
by: windandwaves | last post by:
Hi Gurus I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few weeks. I have learned lots, but I am...
11
by: Ohaya | last post by:
Hi, I'm trying to understand a situation where ASP seems to be "blocking" of "queuing" requests. This is on a Win2K Advanced Server, with IIS5. I've seen some posts (e.g.,...
8
by: Chuck Anderson | last post by:
I've instituted a sessions based scheme on my web site to combat hot linking to my images. When someone requests a page at my site, I set a session variable. I then use htaccess to redirect *all*...
8
by: Dave | last post by:
Hopefully this is an easy question for those with more experience. I have two separate programs that I want to use together on a website Program A starts first and calls session_start(). ...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.