472,958 Members | 2,290 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > visual basic .net > questions > session vars vs. hidden fields and ssl

Join Bytes to post your question to a community of 472,958 software developers and data experts.

Session Vars vs. Hidden Fields and SSL


....still new to .net 2005 using VB.

Do I understand correctly that the value of a session variable is actually stored in the server's ram, but relies on the asp.net
session ID cookie that temporarily is placed on the client's machine until the session ends? ...so that you can't use session
variables if the client has disabled cookies on their browser? So, this makes session vars much more secure than hidden fields,
which are transmitted to the client's browser and can be viewed simply by opening "view source." So, the hidden fields or query
string methods of passing values across pages will work with cookies disabled, but session vars won't?

Can SSL be used in cases where the client has their cookies completely disabled? If not, then I would assume that there is no
advantage (assuming adequate server ram) to using hidden fields instead of session vars where SSL will eventually be used?

Thanks

jeff


--
Posted via a free Usenet account from http://www.teranews.com

Sep 23 '06 #1
2 2521
Do I understand correctly that the value of a session variable is actually
stored in the server's ram, but relies on the asp.net
session ID cookie that temporarily is placed on the client's machine until
the session ends?
Yes, and this cookie is not like a normal cookie. A "session" cookie is not
written to the client's hard drive it is also held in RAM of the client by
the browser.
...so that you can't use session variables if the client has disabled
cookies on their browser?
Yes.
>So, this makes session vars much more secure than hidden fields,
I'm not sure that secure is the word for it, since hidden field values are
typically established at the client and sent to the server, not the other
way around.
which are transmitted to the client's browser and can be viewed simply by
opening "view source." So, the hidden fields or query
string methods of passing values across pages will work with cookies
disabled, but session vars won't?
Yes.
Can SSL be used in cases where the client has their cookies completely
disabled?
Yes. SSL has nothing to do with cookies. It has to do with a security
certificate being installed on the server and the https protocol being used
for data transmission that will encrypt what is sent from client to server.
>If not, then I would assume that there is no advantage (assuming adequate
server ram) to using hidden fields instead of session vars where SSL will
eventually be used?
SSL really doesn't have anything to do with session variables and cookies.
The former is an encryption technology and the latter are data persistence
schemes.
Sep 24 '06 #2

Thanks

"Scott M." <s-***@nospam.nospamwrote in message news:ee**************@TK2MSFTNGP04.phx.gbl...
Do I understand correctly that the value of a session variable is actually
stored in the server's ram, but relies on the asp.net
session ID cookie that temporarily is placed on the client's machine until
the session ends?

Yes, and this cookie is not like a normal cookie. A "session" cookie is not
written to the client's hard drive it is also held in RAM of the client by
the browser.


--
Posted via a free Usenet account from http://www.teranews.com

Sep 26 '06 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Passing SESSION Data
by: Paul | last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and session.use_trans_sid = 1 in my php.ini file. Index.php contains:...
PHP
27
Reality Check: Session Hijacking
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate...
PHP
8
problem accessing session variables across pages
by: ndsoumah | last post by:
hello guys I'm trying to get access to variables I put in a session variable from another page and it fails... here's the exact situation main file page1.php
PHP
7
Another ASP Session problem with IIS6, somebody must have a definative answer!
by: Adam Short | last post by:
I'm having all sorts of problems with Sessions, I've been using them for years with out a hitch, all of a sudden the last 6 - 12 months since getting our new Win2003 server it's all gone shakey!!!...
ASP / Active Server Pages
9
session("var")= rs.getRows()
by: bajopalabra | last post by:
hi session("myVar") = rs.getRows( ) don't work when number of records is greater than 10 does anybody know WHY ??? is it a Session object limitation ??? thanks
ASP / Active Server Pages
6
ASP Session Vars to ASP.Net
by: JDP | last post by:
First off let me say that http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/converttoaspnet.asp would not work as I see it. Right off, I can't have a cookie. ...
ASP.NET
1
Replacing or improving Session vars usage - advice
by: Larry Neylon | last post by:
Hi, I'm working on a VBScript application on IIS6 and I'm looking for some advice about the best way of replacing or improving session variable usage. The application is in a secure extranet...
ASP / Active Server Pages
17
How to allow a webbrowser to restart a session after it has expired?
by: Riaan | last post by:
Hi guys! I have an issue that needs urgent resolution. Imagine this scenario: You have: 1 production server running Windows Server 2003, IIS6 and an instance of MSDE 2000. There is an...
ASP.NET
9
Session losing variables?
by: Schraalhans Keukenmeester | last post by:
I am stomped with the following problem: I have a script start.php and a second script proceed.php Relevant (and working) sections of the code: start.php <?PHP start_session();
PHP
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
0
How to find best mobile app development company in usa
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
Mobile Development
2
Energy Model code modification to account for year dependent interest rate
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
Python
4
NeoPa
Send Current Object to PDF
by: NeoPa | last post by:
Hello everyone. I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report). I know it can be done by selecting :...
Microsoft Access / VBA
3
NeoPa
VBA Class Basics
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
Microsoft Access / VBA
1
Report value list
by: Teri B | last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course. 0ne-to-many. One course many roles. Then I created a report based on the Course form and...
Microsoft Access / VBA
0
isladogs
Access Europe Meeting - Wed 1 Nov - Using SQL Server skills to extend Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
Microsoft Access / VBA
3
Finding a record, and then saving a new record after the record has been amended.
by: nia12 | last post by:
Hi there, I am very new to Access so apologies if any of this is obvious/not clear. I am creating a data collection tool for health care employees to complete. It consists of a number of...
Microsoft Access / VBA
2
Take a Database to the Next Level
by: GKJR | last post by:
Does anyone have a recommendation to build a standalone application to replace an Access database? I have my bookkeeping software I developed in Access that I would like to make available to other...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!