you cannot disable cookies just for a page....
you can specify whether the session is a cookieless session or not.
which would mean that it would be session wide and not bound to one page...
in that case you would have session id as a part of the page header.
you cannot disable cookies just for a page....
you can specify whether the session is a cookieless session or not.
which would mean that it would be session wide and not bound to one page...
in that case you would have session id as a part of the page header.
add to kevin's comment... if you are using cookie to maintain session
info... and the client brower has blocked cookies... then it would cause
every request by that machine on the server to have a new session...
hi,
this is amit
if we use cookieless ,
then how secure our site will be from session hackers..
,also is there a way that if we detect client having disabled his cookies
then our site should still work?
think asp have browser cap... with aspx i think it has been intergrated into
Request object.
but whats the point.. you can change the behaviour at run time on whether to
use cookie or append the session id to the url..
you can only do that in web.config and its applicable to all the clients....
btw... session id is encrypted so it wont be easy to guess them.... look up
into session ids on msdn should clear a few things... it uses
RNGCryptoServiceProvider to generate a random 15 byte number which is then
encoded to a 25 character string...
plus if you are using forms authentication... you would probably be written
the authentication ticket in a cookie without knowing...
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
