473,323 Members | 1,560 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,323 software developers and data experts.

Cookieless sessions

Hi

Using cookieless sessions, if a user copies a URL that
includes the embedded session ID and sends that to someone
else, i.e. via email, if that link is used within the
timeout period, they end up with the same session.

Is there a way to tell if the client using the URL and
embedded session ID is somebody different to client who
originally got the session?

Regards

Leigh


Nov 18 '05 #1
4 1169
what about checking "AUTH_USER" ? in the er session variables i finks? or IP
address?
"Leigh" <an*******@discussions.microsoft.com> wrote in message
news:07****************************@phx.gbl...
Hi

Using cookieless sessions, if a user copies a URL that
includes the embedded session ID and sends that to someone
else, i.e. via email, if that link is used within the
timeout period, they end up with the same session.

Is there a way to tell if the client using the URL and
embedded session ID is somebody different to client who
originally got the session?

Regards

Leigh

Nov 18 '05 #2
Hi,

You can use the user IP address in a LAN scenario or toggle a database field to check the user login status.

Bhaskardeep Khaund
"Leigh" <an*******@discussions.microsoft.com> wrote in message news:07****************************@phx.gbl...
Hi

Using cookieless sessions, if a user copies a URL that
includes the embedded session ID and sends that to someone
else, i.e. via email, if that link is used within the
timeout period, they end up with the same session.

Is there a way to tell if the client using the URL and
embedded session ID is somebody different to client who
originally got the session?

Regards

Leigh


Nov 18 '05 #3
-----Original Message-----
Hi,

You can use the user IP address in a LAN scenario or toggle a database field to check the user login status.


Hi

Thanks for the response. We thought about using the IP
but as this is an Intranet site, and a lot of people would
access via NAT from the same office, we would get the same
IPs from a lot of users.

Regards

Leigh
Nov 18 '05 #4
-----Original Message-----
what about checking "AUTH_USER" ? in the er session variables i finks? or IPaddress?


Hi

Will take a look at this, but last time we looked at this
Server variable it was an empty string.

Regards

Leigh
Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: JJ | last post by:
Hi, I really need to use cookieless ASP sessions with ASP 3 (IIS5) Can I find out the session ID from the first page, then post it or send it with the url to the next page, then at the start...
0
by: djluker | last post by:
Does anyone know of a way to implement cookieless sessions in ASP.net by tacking on the session ID to the querystring, rather than setting cookieless="true" in the web.config file? I see that some...
3
by: Scott | last post by:
Hello, we are having problems displaying non-aspx files (images, style sheets) since we have upgraded to the 1.1 framework when using a cookieless session (sessionID in the url). Check out...
2
by: Tom Pester | last post by:
I experimented/researched cookieless sessions and tried it on my website. I expected the switch to cookieless sessions to be transparent but this isn' t the case at all: 1) Forms based...
2
by: Steve Franks | last post by:
According to the docs you tell ASP.NET to use cookieless sessions by setting a value in the config.web file. However, what if I wanted to determine at run time whether or not I wanted to use...
10
by: Anthony Williams | last post by:
Hi gang, This one looks like a bug :o( As you may or may not know, setting session management in web.config to use cookieless sessions causes the ASP.NET runtime to munge a session ID into...
0
by: Jerad Rose | last post by:
I have an odd scenario. I am working on a hybrid site that uses various development platforms, namely traditional ASP and Lasso (a Mac scripting language). The site uses its own custom sessions...
2
by: rk325 | last post by:
I have a question about cookies & browser permissions and turning off cookies when creating a web site (cookieless mode in web.config). I have a web site that of course uses Session variables....
0
by: Chris Gill | last post by:
I'm trying to use cookieless sessions in asp.net using the InProc mode (for various reasons it is not desirable for us to use the other modes if it is possible to avoid them). My problem revolves...
0
by: David H. | last post by:
Is there any way to have a user use cookieless sessions at runtime on a case-by-case basis? Or do cookieless sessions have to be turned on globally in the web.config for all users of the web...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.