Why SESSION variables fail if browser cookies OFF ?

Doug Bell · Mar 22, 2004

session("<label>") fails
if the browser's Privacy setting has cookies off.

What's going on?

Marina · Mar 22, 2004

Because the sessionid is stored in a session cookie on the client. If
cookies are turned off, then this sessionid cannot be stored - and as far as
the server is concerned, it always looks like a new session, since it never
gets the sessionid it assigned previously.

Doug Bell · Mar 23, 2004

Session ID is stored in cookies.

How can I work around this?

Guest · Apr 22, 2004

How is this solved in .NET

----- Marina wrote: ----

Because the sessionid is stored in a session cookie on the client. I
cookies are turned off, then this sessionid cannot be stored - and as far a
the server is concerned, it always looks like a new session, since it neve
gets the sessionid it assigned previously

Elio M. Gonzalez · Apr 22, 2004

Simple. Instead of sending the session identifier in a cookie, you pass
it in the URL as the user moves throughout the site.

Here are a few articles describing it:
http://msdn.microsoft.com/msdntv/episode.aspx?xml=episodes/en/20030318ASPNETRH/manifest.xml

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspnet/html/asp12282000.asp

Elio Gonzalez

GitLab self hosted SSL nightmare	0	May 2, 2026
Session Vars vs. Hidden Fields and SSL	2	Sep 24, 2006
checking for enabled cookies?	4	Dec 31, 2006
EU clears up ad-blocker and cookies rules for publishers and telecos	2	Jan 10, 2017
Session State and cookies	3	Feb 12, 2008
Can i have a cookie	3	Nov 4, 2004
cookies creating object reference errors	1	Nov 19, 2008
Is there a way to detect two browsers using the same session ID?	5	Apr 15, 2010

Why SESSION variables fail if browser cookies OFF ?

Doug Bell

Marina

Doug Bell

Guest

Elio M. Gonzalez

Ask a Question

Similar Threads