By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,665 Members | 1,251 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,665 IT Pros & Developers. It's quick & easy.

cookieless session? Who has it working?

P: n/a
I experimented/researched cookieless sessions and tried it on my website.
I expected the switch to cookieless sessions to be transparent but this isn'
t the case at all:

1) Forms based authentication doesn't work
I read that the Whidbey release will support this and you can make it work
today:
http://www.codeproject.com/aspnet/cookieless.asp
Still, it's a showstopper for most websites

2) You can't use absolute links
I think developers use this lot (at least I do to make the link callable
from every place in the site, including other directories)
I can understand a bit why fully qualified URL's aren't supported but why is
it so hard to support absolute ones. Can anyone clarify this?
Again there is a nontransparent solution: Response.ApplyAppPathModifier

3) There is a major security risk
See:
http://builder.com.com/5100-6387-1044869.html
And
http://groups.google.com/groups?hl=e...3DN%26tab%3Dwg

No workaround possible I think
(I expected more from Microsoft but as always they will fix this after some
releases.)

My questions:
- Who uses cookieless state in a production website? Are you satisfied with
the results?
- Can someone, with more experience then me, confirm my 3 points (possibly
someone from Microsoft)
- Is there a 3rd party solution that makes cookieless websites a real
choice? (No app changes is meant by this)

For now I stay away from cookieless mode since it involves application
changes and a big security risk.

Please say that I am wrong :)
Nov 18 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Max
I wouldn't mess with this cookieless nonsense. Just make sure that your site
behaves itself if a client connects without a cookie. If you've ever tried
to browse the net without cookies, you know what these screens look like.
It's impossible to get around without cookies.

-5yr designer/developer
"Tom Pester" <tm***@hotmail.com> wrote in message
news:eX******************@TK2MSFTNGP12.phx.gbl...
I experimented/researched cookieless sessions and tried it on my website.
I expected the switch to cookieless sessions to be transparent but this isn' t the case at all:

Nov 18 '05 #2

P: n/a
hi,

hv alook at the site www.mapblast.com
it uses cookieless mode....
--
Thanks and Regards,

Amit Agarwal
Software Programmer(.NET)
"Max" <ma*****@portvista.com> wrote in message
news:0e*******************@twister.tampabay.rr.com ...
I wouldn't mess with this cookieless nonsense. Just make sure that your site behaves itself if a client connects without a cookie. If you've ever tried
to browse the net without cookies, you know what these screens look like.
It's impossible to get around without cookies.

-5yr designer/developer
"Tom Pester" <tm***@hotmail.com> wrote in message
news:eX******************@TK2MSFTNGP12.phx.gbl...
I experimented/researched cookieless sessions and tried it on my website. I expected the switch to cookieless sessions to be transparent but this

isn'
t the case at all:


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.593 / Virus Database: 376 - Release Date: 2/20/2004
Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.