473,544 Members | 1,908 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

cookieless session? Who has it working?

I experimented/researched cookieless sessions and tried it on my website.
I expected the switch to cookieless sessions to be transparent but this isn'
t the case at all:

1) Forms based authentication doesn't work
I read that the Whidbey release will support this and you can make it work
today:
http://www.codeproject.com/aspnet/cookieless.asp
Still, it's a showstopper for most websites

2) You can't use absolute links
I think developers use this lot (at least I do to make the link callable
from every place in the site, including other directories)
I can understand a bit why fully qualified URL's aren't supported but why is
it so hard to support absolute ones. Can anyone clarify this?
Again there is a nontransparent solution: Response.ApplyA ppPathModifier

3) There is a major security risk
See:
http://builder.com.com/5100-6387-1044869.html
And
http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg

No workaround possible I think
(I expected more from Microsoft but as always they will fix this after some
releases.)

My questions:
- Who uses cookieless state in a production website? Are you satisfied with
the results?
- Can someone, with more experience then me, confirm my 3 points (possibly
someone from Microsoft)
- Is there a 3rd party solution that makes cookieless websites a real
choice? (No app changes is meant by this)

For now I stay away from cookieless mode since it involves application
changes and a big security risk.

Please say that I am wrong :)
Nov 18 '05 #1
2 1547
Max
I wouldn't mess with this cookieless nonsense. Just make sure that your site
behaves itself if a client connects without a cookie. If you've ever tried
to browse the net without cookies, you know what these screens look like.
It's impossible to get around without cookies.

-5yr designer/developer
"Tom Pester" <tm***@hotmail. com> wrote in message
news:eX******** **********@TK2M SFTNGP12.phx.gb l...
I experimented/researched cookieless sessions and tried it on my website.
I expected the switch to cookieless sessions to be transparent but this isn' t the case at all:

Nov 18 '05 #2
hi,

hv alook at the site www.mapblast.com
it uses cookieless mode....
--
Thanks and Regards,

Amit Agarwal
Software Programmer(.NET )
"Max" <ma*****@portvi sta.com> wrote in message
news:0e******** ***********@twi ster.tampabay.r r.com...
I wouldn't mess with this cookieless nonsense. Just make sure that your site behaves itself if a client connects without a cookie. If you've ever tried
to browse the net without cookies, you know what these screens look like.
It's impossible to get around without cookies.

-5yr designer/developer
"Tom Pester" <tm***@hotmail. com> wrote in message
news:eX******** **********@TK2M SFTNGP12.phx.gb l...
I experimented/researched cookieless sessions and tried it on my website. I expected the switch to cookieless sessions to be transparent but this

isn'
t the case at all:


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.593 / Virus Database: 376 - Release Date: 2/20/2004
Nov 18 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
2954
by: JV | last post by:
Hi, The URL I'm trying to access http://SERVER/VirtualDir/app/test.aspx This page has a lot of links and also images and CSS from the following folder structure. http://SERVER/VirtualDir/images/image.gif http://SERVER/VirtualDir/styles/Style.css
3
3526
by: Scott | last post by:
Hello, we are having problems displaying non-aspx files (images, style sheets) since we have upgraded to the 1.1 framework when using a cookieless session (sessionID in the url). Check out our file system set up below. Now, in an aspx page, we set as the "src" of our images something like "../images/animage.jpg". If the current actual...
10
7859
by: Anthony Williams | last post by:
Hi gang, This one looks like a bug :o( As you may or may not know, setting session management in web.config to use cookieless sessions causes the ASP.NET runtime to munge a session ID into the URL, in the format http://yourapplicationpath/(Session.SessionID)/... which saves numerous headaches when it comes to storing state across page...
0
1012
by: dev | last post by:
The site I am currently working on requires the use of Cookieless Sessions to maintain session data during a users visit. I've heard that Search Engine Bots may have issues with URLS that contain session ids. I would imagine that the spider/bot would view the Session ID placed within the sites url as a folder eg...
0
1324
by: Jerad Rose | last post by:
I have an odd scenario. I am working on a hybrid site that uses various development platforms, namely traditional ASP and Lasso (a Mac scripting language). The site uses its own custom sessions stored in a mySQL database, and state is maintained through the URL, passing a session GUID in the URL between page calls. For example: ...
2
1936
by: Daniel Malcolm | last post by:
Hi I just wanted to confirm that the "cookieless" attribute of the session section of the web.config file is an "all or nothing" setting. For some reason I thought that the following was the case: If "cookieless" is set to false then ... - If user's browser supports cookies then cookie is used to track Session
2
6981
by: Water Cooler v2 | last post by:
What do you mean by a cookieless session state? When you set the sessionState section's cookieless attribute to true in the web.config file, what does that mean? I read this (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfSessionstateSection.asp) and it does not explain the meaning of cookieless.
1
4682
by: Mark Olbert | last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly because I don't want to create my own provider at this point, and the supplied stuff comes with a lot of baggage I don't want/need). In ASPNET1.1 what I would do was something like the following, after...
3
6499
by: =?Utf-8?B?bWdvcHBlcnQ=?= | last post by:
I'm having an issue with using web services in a web application marked with session cookieless attribuet set to "AutoDetect". My real life scenario is too complex to lay out but here's my situation boiled down to the nuts and bolts... 1. Create a simple web application (not a web site) in VS 2005 2. Add a web.config and then set the...
0
7431
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7370
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7617
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
7714
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
1
5305
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
3415
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1848
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
992
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
674
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.