By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
439,971 Members | 1,451 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 439,971 IT Pros & Developers. It's quick & easy.

Sessions without cookies question

P: n/a
UserA has a PC running IE 6. This has the cookies disabled:
1 - Override automatic cookie handling: checked
2 - First party cookies: Block
3 - Third-party cookies: Block
4 - Always allow session cookies: Unchecked

The server runs a Classic ASP application running in IIS 5.x that uses the
session cache. These are different machines running within a LAN.

When UserA accesses the website, the ASP code retrieves some data from the
DB and puts it into the session cache and timestamps it (to give it a
time-to-live value).

When UserA accesses the site again, the ASP code checks the value of
Session("DatabaseSettings_DateAccessed") to see if the cache has expired.

Bizarrely, it picks up the correct date set on the previous visit.

I would have expected that, since UserA does not have session cookies
enabled, there should be no existing session identifier available for UserA.
So, how is IIS recognising UserA's session?

Thanks in advance

Griff

PS I originally posted this to the IIS group, but got no replies.
Jan 5 '07 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Ah, Daniel Crichton replied in the other group with:
>The cookie settings are for the Internet Zone only - maybe the site is
being seen as being in the Local Intranet or Trusted Zone.
I guess that's the answer then.

Griff

Jan 5 '07 #2

P: n/a

"Griff" <ho*****@the.moonwrote in message
news:em**************@TK2MSFTNGP03.phx.gbl...
Ah, Daniel Crichton replied in the other group with:
The cookie settings are for the Internet Zone only - maybe the site is
being seen as being in the Local Intranet or Trusted Zone.

I guess that's the answer then.
Yes if you read the Advanced Privacy Settings dialog text more carefully you
will see that these setting apply to the internet zone only. Trusted and
Intranet zones are unaffected.
Jan 5 '07 #3

P: n/a
Anthony Jones wrote on 05 jan 2007 in
"Griff" <ho*****@the.moonwrote in message
>Ah, Daniel Crichton replied in the other group with:
>The cookie settings are for the Internet Zone only - maybe the site
is being seen as being in the Local Intranet or Trusted Zone.

I guess that's the answer then.

Yes if you read the Advanced Privacy Settings dialog text more
carefully you will see that these setting apply to the internet zone
only. Trusted and Intranet zones are unaffected.
Interesting.

So it could be a good advice to ones co-workers,
that do not trust na internet session cookie,
to set the company's site to trusted,
in stead of trying to convince them of
the harmlessness of internet session cookies?

Cyber psychology?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jan 5 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.