469,358 Members | 1,577 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,358 developers. It's quick & easy.

hiding session ID in browser

hello,

I have following session setting in my web.config file:
<configuration>
<system.web>
<sessionState
mode = "InProc"
cookieless="true"
timeout="10"/>
</system.web>
</configuration>

However, when I open my browser I get this in address bar:
http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx

Is there any way I can hide this (sessionID).
Thanks,

--
Vlad Jasovic
Excelle Technologies Inc.
http://www.excelleinc.com
"single source for all your computer needs"
Nov 18 '05 #1
6 3980
Sorry, forgot to mention that I want to have cookieless="true".

Is there any way I can hide sessiodID with these setting on "true"
Nov 18 '05 #2
You are using cookieless sessionstate, so the sessionID has to appear in the address bar.
--Michael.

"Vlad Jasovic" <vj******@excelleinc.com> wrote in message news:4u***********************@news.easynews.com.. .
hello,

I have following session setting in my web.config file:
<configuration>
<system.web>
<sessionState
mode = "InProc"
cookieless="true"
timeout="10"/>
</system.web>
</configuration>

However, when I open my browser I get this in address bar:
http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx

Is there any way I can hide this (sessionID).


Thanks,

--
Vlad Jasovic
Excelle Technologies Inc.
http://www.excelleinc.com
"single source for all your computer needs"

Nov 18 '05 #3
yeah, it really only affects obsessive-compulsive security-o-holics who raise the security of their browsers to block all cookies, People who do that run into quite a few problems in their web-browsing experience, so it serves them right if it doesn't work for them.

use the cookie, they taste good too.

"Tampa .NET Koder" <Ta***********@discussions.microsoft.com> wrote in message news:16**********************************@microsof t.com...
Yess-sir-ree, I think its all or nothing. However, having the session in the
browser shouldn't be an issue, its done all the time

"chriscollinson" wrote:
because you have cookieless set to true, that tells asp.net that you cant
save cookies on any of the user's pc, and so it stores the session id in the
url.

if you set it to false, the session id will be removed from the url and
placed inside a cookie on the users pc.

as far as i am aware, you cannot mix and match based on the user. its a
whole or nothing setting.

"Vlad Jasovic" wrote:
hello,

I have following session setting in my web.config file:
<configuration>
<system.web>
<sessionState
mode = "InProc"
cookieless="true"
timeout="10"/>
</system.web>
</configuration>

However, when I open my browser I get this in address bar:
http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx

Is there any way I can hide this (sessionID).


Thanks,

--
Vlad Jasovic
Excelle Technologies Inc.
http://www.excelleinc.com
"single source for all your computer needs"


Nov 18 '05 #4
The reason why I want to do this without cookies is because this web-site is
for broad audience and some of them (you'd be surprised) do have cookies
disabled.

Problem why I don't want SessionID in browser is because when you add
web-site to favorites it stores SessionID too. Doing some shopping carts and
wouldn't like to see it.


"Raterus" <mo*********@suretar.reverse> wrote in message
news:eW**************@TK2MSFTNGP10.phx.gbl...
yeah, it really only affects obsessive-compulsive security-o-holics who
raise the security of their browsers to block all cookies, People who do
that run into quite a few problems in their web-browsing experience, so it
serves them right if it doesn't work for them.

use the cookie, they taste good too.

"Tampa .NET Koder" <Ta***********@discussions.microsoft.com> wrote in
message news:16**********************************@microsof t.com...
Yess-sir-ree, I think its all or nothing. However, having the session in the browser shouldn't be an issue, its done all the time

"chriscollinson" wrote:
because you have cookieless set to true, that tells asp.net that you cant save cookies on any of the user's pc, and so it stores the session id in the url.

if you set it to false, the session id will be removed from the url and
placed inside a cookie on the users pc.

as far as i am aware, you cannot mix and match based on the user. its a
whole or nothing setting.

"Vlad Jasovic" wrote:
hello,

I have following session setting in my web.config file:
<configuration>
<system.web>
<sessionState
mode = "InProc"
cookieless="true"
timeout="10"/>
</system.web>
</configuration>

However, when I open my browser I get this in address bar:
http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx

Is there any way I can hide this (sessionID).
Thanks,

--
Vlad Jasovic
Excelle Technologies Inc.
http://www.excelleinc.com
"single source for all your computer needs"

Nov 18 '05 #5
"Vlad Jasovic" <vj******@excelleinc.com> wrote in message
news:Y2***********************@news.easynews.com.. .
The reason why I want to do this without cookies is because this web-site is for broad audience and some of them (you'd be surprised) do have cookies
disabled.
It's not unreasonable to inform users that, if they want to use your site,
they will have to enable cookies on their browser...
Problem why I don't want SessionID in browser is because when you add
web-site to favorites it stores SessionID too. Doing some shopping carts and wouldn't like to see it.


Then, regrettably, a web solution will not meet your needs, at least, not an
ASP.NET / IIS one...
Nov 18 '05 #6
In this case I would recommend not relying on session, but rolling your own
solution. Store an ID in viewstate or something on every page, be sure to
pass it along from page to page. Store your data somehow indexed by this ID,
so that then you can get it any time.

I agree that it is not unreasonable to require your site to only function
properly with cookies enabled. Either that, or give up the ability to
bookmark on favorites. People can't have their cake and eat it too. They
can't go nuts with security and turn everything off - and then expect the
same level of functionality.

"Vlad Jasovic" <vj******@excelleinc.com> wrote in message
news:Y2***********************@news.easynews.com.. .
The reason why I want to do this without cookies is because this web-site is for broad audience and some of them (you'd be surprised) do have cookies
disabled.

Problem why I don't want SessionID in browser is because when you add
web-site to favorites it stores SessionID too. Doing some shopping carts and wouldn't like to see it.


"Raterus" <mo*********@suretar.reverse> wrote in message
news:eW**************@TK2MSFTNGP10.phx.gbl...
yeah, it really only affects obsessive-compulsive security-o-holics who
raise the security of their browsers to block all cookies, People who do
that run into quite a few problems in their web-browsing experience, so it
serves them right if it doesn't work for them.

use the cookie, they taste good too.

"Tampa .NET Koder" <Ta***********@discussions.microsoft.com> wrote in
message news:16**********************************@microsof t.com...
Yess-sir-ree, I think its all or nothing. However, having the session in
the
browser shouldn't be an issue, its done all the time

"chriscollinson" wrote:
because you have cookieless set to true, that tells asp.net that you
cant save cookies on any of the user's pc, and so it stores the session id in the
url.

if you set it to false, the session id will be removed from the url

and placed inside a cookie on the users pc.

as far as i am aware, you cannot mix and match based on the user. its a whole or nothing setting.

"Vlad Jasovic" wrote:

> hello,
>
> I have following session setting in my web.config file:
> <configuration>
> <system.web>
> <sessionState
> mode = "InProc"
> cookieless="true"
> timeout="10"/>
> </system.web>
> </configuration>
>
> However, when I open my browser I get this in address bar:
> http://192.168.0.110/blabla/(uzqltc4...pgfn)/faq.aspx
>
> Is there any way I can hide this (sessionID).
>
>
> Thanks,
>
> --
> Vlad Jasovic
> Excelle Technologies Inc.
> http://www.excelleinc.com
> "single source for all your computer needs"
>
>
>


Nov 18 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Paul | last post: by
27 posts views Thread by mrbog | last post: by
14 posts views Thread by Darrin J Olson | last post: by
10 posts views Thread by Shock | last post: by
4 posts views Thread by Chris | last post: by
8 posts views Thread by ari | last post: by
2 posts views Thread by Gordon Burditt | last post: by
11 posts views Thread by Glenn | last post: by
11 posts views Thread by JJ297 | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
1 post views Thread by Marylou17 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.