hello,
I have following session setting in my web.config file:
<configuratio n>
<system.web>
<sessionState
mode = "InProc"
cookieless="tru e"
timeout="10"/>
</system.web>
</configuration>
However, when I open my browser I get this in address bar: http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx
Is there any way I can hide this (sessionID).
Thanks,
--
Vlad Jasovic
Excelle Technologies Inc. http://www.excelleinc.com
"single source for all your computer needs" 6 4784
Sorry, forgot to mention that I want to have cookieless="tru e".
Is there any way I can hide sessiodID with these setting on "true"
You are using cookieless sessionstate, so the sessionID has to appear in the address bar.
--Michael.
"Vlad Jasovic" <vj******@excel leinc.com> wrote in message news:4u******** *************** @news.easynews. com... hello, I have following session setting in my web.config file: <configuratio n> <system.web> <sessionState mode = "InProc" cookieless="tru e" timeout="10"/> </system.web> </configuration> However, when I open my browser I get this in address bar: http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx Is there any way I can hide this (sessionID). Thanks, -- Vlad Jasovic Excelle Technologies Inc. http://www.excelleinc.com "single source for all your computer needs"
yeah, it really only affects obsessive-compulsive security-o-holics who raise the security of their browsers to block all cookies, People who do that run into quite a few problems in their web-browsing experience, so it serves them right if it doesn't work for them.
use the cookie, they taste good too.
"Tampa .NET Koder" <Ta***********@ discussions.mic rosoft.com> wrote in message news:16******** *************** ***********@mic rosoft.com... Yess-sir-ree, I think its all or nothing. However, having the session in the browser shouldn't be an issue, its done all the time "chriscollinson " wrote: because you have cookieless set to true, that tells asp.net that you cant save cookies on any of the user's pc, and so it stores the session id in the url. if you set it to false, the session id will be removed from the url and placed inside a cookie on the users pc. as far as i am aware, you cannot mix and match based on the user. its a whole or nothing setting. "Vlad Jasovic" wrote: hello, I have following session setting in my web.config file: <configuratio n> <system.web> <sessionState mode = "InProc" cookieless="tru e" timeout="10"/> </system.web> </configuration> However, when I open my browser I get this in address bar: http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx Is there any way I can hide this (sessionID). Thanks, -- Vlad Jasovic Excelle Technologies Inc. http://www.excelleinc.com "single source for all your computer needs"
The reason why I want to do this without cookies is because this web-site is
for broad audience and some of them (you'd be surprised) do have cookies
disabled.
Problem why I don't want SessionID in browser is because when you add
web-site to favorites it stores SessionID too. Doing some shopping carts and
wouldn't like to see it.
"Raterus" <mo*********@su retar.reverse> wrote in message
news:eW******** ******@TK2MSFTN GP10.phx.gbl...
yeah, it really only affects obsessive-compulsive security-o-holics who
raise the security of their browsers to block all cookies, People who do
that run into quite a few problems in their web-browsing experience, so it
serves them right if it doesn't work for them.
use the cookie, they taste good too.
"Tampa .NET Koder" <Ta***********@ discussions.mic rosoft.com> wrote in
message news:16******** *************** ***********@mic rosoft.com... Yess-sir-ree, I think its all or nothing. However, having the session in
the browser shouldn't be an issue, its done all the time
"chriscollinson " wrote:
because you have cookieless set to true, that tells asp.net that you
cant save cookies on any of the user's pc, and so it stores the session id in
the url.
if you set it to false, the session id will be removed from the url and placed inside a cookie on the users pc.
as far as i am aware, you cannot mix and match based on the user. its a whole or nothing setting.
"Vlad Jasovic" wrote:
hello,
I have following session setting in my web.config file: <configuratio n> <system.web> <sessionState mode = "InProc" cookieless="tru e" timeout="10"/> </system.web> </configuration>
However, when I open my browser I get this in address bar: http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx
Is there any way I can hide this (sessionID).
Thanks,
-- Vlad Jasovic Excelle Technologies Inc. http://www.excelleinc.com "single source for all your computer needs"
"Vlad Jasovic" <vj******@excel leinc.com> wrote in message
news:Y2******** *************** @news.easynews. com... The reason why I want to do this without cookies is because this web-site
is for broad audience and some of them (you'd be surprised) do have cookies disabled.
It's not unreasonable to inform users that, if they want to use your site,
they will have to enable cookies on their browser...
Problem why I don't want SessionID in browser is because when you add web-site to favorites it stores SessionID too. Doing some shopping carts
and wouldn't like to see it.
Then, regrettably, a web solution will not meet your needs, at least, not an
ASP.NET / IIS one...
In this case I would recommend not relying on session, but rolling your own
solution. Store an ID in viewstate or something on every page, be sure to
pass it along from page to page. Store your data somehow indexed by this ID,
so that then you can get it any time.
I agree that it is not unreasonable to require your site to only function
properly with cookies enabled. Either that, or give up the ability to
bookmark on favorites. People can't have their cake and eat it too. They
can't go nuts with security and turn everything off - and then expect the
same level of functionality.
"Vlad Jasovic" <vj******@excel leinc.com> wrote in message
news:Y2******** *************** @news.easynews. com... The reason why I want to do this without cookies is because this web-site
is for broad audience and some of them (you'd be surprised) do have cookies disabled.
Problem why I don't want SessionID in browser is because when you add web-site to favorites it stores SessionID too. Doing some shopping carts
and wouldn't like to see it.
"Raterus" <mo*********@su retar.reverse> wrote in message news:eW******** ******@TK2MSFTN GP10.phx.gbl... yeah, it really only affects obsessive-compulsive security-o-holics who raise the security of their browsers to block all cookies, People who do that run into quite a few problems in their web-browsing experience, so it serves them right if it doesn't work for them.
use the cookie, they taste good too.
"Tampa .NET Koder" <Ta***********@ discussions.mic rosoft.com> wrote in message news:16******** *************** ***********@mic rosoft.com... Yess-sir-ree, I think its all or nothing. However, having the session
in the browser shouldn't be an issue, its done all the time
"chriscollinson " wrote:
because you have cookieless set to true, that tells asp.net that you cant save cookies on any of the user's pc, and so it stores the session id
in the url.
if you set it to false, the session id will be removed from the url
and placed inside a cookie on the users pc.
as far as i am aware, you cannot mix and match based on the user. its
a whole or nothing setting.
"Vlad Jasovic" wrote:
> hello, > > I have following session setting in my web.config file: > <configuratio n> > <system.web> > <sessionState > mode = "InProc" > cookieless="tru e" > timeout="10"/> > </system.web> > </configuration> > > However, when I open my browser I get this in address bar: > http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx > > Is there any way I can hide this (sessionID). > > > Thanks, > > -- > Vlad Jasovic > Excelle Technologies Inc. > http://www.excelleinc.com > "single source for all your computer needs" > > >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Paul |
last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and
session.use_trans_sid = 1 in my php.ini file. Index.php contains:
----------------------------------------------------------------------------
<?php
ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");
session_start();
$_SESSION = "";
$_SESSION = "";
echo "<form method='POST' action='login.php'>
|
by: mrbog |
last post by:
Tell me if my assertion is wrong here:
The only way to prevent session hijacking is to NEVER store
authentication information (such as name/password) in the session.
Well, to never authenticate a user from information you got from the
session. Each secure app on a site must challenge the user for name
and password, each and every time the user accesses it (not just once
and then store it in the session). If a secure app is multi-page,...
|
by: Darrin J Olson |
last post by:
I am trying to end a session for a site without having to completely close
the browser to end it.
When I access the site and log in it works fine. If I log out and in with a
different account without closing the browser, I get the first session's
information. Also, if a open another browser and log in with a different
account I get the session from the first browser. I've tried deleting all
cookies and any cached pages, but still get the...
|
by: Shock |
last post by:
I am interested in hearing what kind of methods are used to hide
QueryStrings when passing data between aspx pages. For instance, I have a
url that looks something like this:
http://localhost/page.aspx?year=2000&userid=100
What ways are there to hide everything following the question mark?
I have found some tutorials online, but they are very vague and I am seeking
a little more detail. As a newbie to asp.net I am interested in...
|
by: Chris |
last post by:
When a request comes into a page on my ASP.net site and a session is
not found, I want to detect whether the request is an initial request
or if the user did have a session going that has now been lost and
show an explanatory message before restarting the session.
Rather than tagging a 'session in progress' flag on the end of every
request querystring I'd like to detect it using data sent in every
request.
One idea I had was that when...
| |
by: ari |
last post by:
hey all,
i'm trying to make my app as stateless as possible. is it ok to create a
dataset and store in viewstate and whenever the user decides to select a from
that dataset, to move from viewstate, to session, and on the details page
back to viewstate. Or does that sound like too much work?
thanks,
ari
|
by: Gordon Burditt |
last post by:
I had this idea about preventing session fixation, and I'm wondering
what anyone else thinks about it. The idea is, essentially, don't
allow session ids that YOUR PHP didn't generate (and aren't yet
expired) to log in. That way if someone sticks a made-up session
ID on a URL, it won't matter, unless it happens to correspond to
an active session (guessing a user password is probably easier).
Is this already standard practice, new, or is...
|
by: Glenn |
last post by:
Hi
I've been experimenting with managing state using the Session object. I've
created a simple WS with a couple of methods, one which sets a string
value, another that retrieves it.
Each method has the WebMethodAttribute.EnableSession set to true.
When I run the test page the session is maintained. However, using a
console application, in between setting the string value and attempting to
|
by: JJ297 |
last post by:
I want to hide the Pin field below in my repeater. How do I do this?
<asp:Repeater ID="Repeater1" runat="server"
DataSourceID="SqlDataSource1">
<ItemTemplate>
<tr>
<td><font color="#330099">Claim SSN: </font><b><%#
Eval("ClaimSSN") %></b></td>
<td colspan="2"></td>
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |