Re: hiding session ID in browser
From: Marina (someone_at_nospam.com)
Date: 08/18/04
- Next message: Random: "Database connections in Web Services"
- Previous message: MS News \(MS ILM\): "File upload limit handleing"
- In reply to: Vlad Jasovic: "Re: hiding session ID in browser"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 18 Aug 2004 14:18:52 -0400
In this case I would recommend not relying on session, but rolling your own
solution. Store an ID in viewstate or something on every page, be sure to
pass it along from page to page. Store your data somehow indexed by this ID,
so that then you can get it any time.
I agree that it is not unreasonable to require your site to only function
properly with cookies enabled. Either that, or give up the ability to
bookmark on favorites. People can't have their cake and eat it too. They
can't go nuts with security and turn everything off - and then expect the
same level of functionality.
"Vlad Jasovic" <vjasovic@excelleinc.com> wrote in message
news:Y2MUc.21897684$Id.3628465@news.easynews.com...
> The reason why I want to do this without cookies is because this web-site
is
> for broad audience and some of them (you'd be surprised) do have cookies
> disabled.
>
> Problem why I don't want SessionID in browser is because when you add
> web-site to favorites it stores SessionID too. Doing some shopping carts
and
> wouldn't like to see it.
>
>
>
>
> "Raterus" <moc.liamtoh@suretar.reverse> wrote in message
> news:eW6UbSUhEHA.1764@TK2MSFTNGP10.phx.gbl...
> yeah, it really only affects obsessive-compulsive security-o-holics who
> raise the security of their browsers to block all cookies, People who do
> that run into quite a few problems in their web-browsing experience, so it
> serves them right if it doesn't work for them.
>
> use the cookie, they taste good too.
>
> "Tampa .NET Koder" <TampaNETKoder@discussions.microsoft.com> wrote in
> message news:16582965-8A62-4721-B327-EDB223F2B2E0@microsoft.com...
> > Yess-sir-ree, I think its all or nothing. However, having the session
in
> the
> > browser shouldn't be an issue, its done all the time
> >
> > "chriscollinson" wrote:
> >
> > > because you have cookieless set to true, that tells asp.net that you
> cant
> > > save cookies on any of the user's pc, and so it stores the session id
in
> the
> > > url.
> > >
> > > if you set it to false, the session id will be removed from the url
and
> > > placed inside a cookie on the users pc.
> > >
> > > as far as i am aware, you cannot mix and match based on the user. its
a
> > > whole or nothing setting.
> > >
> > > "Vlad Jasovic" wrote:
> > >
> > > > hello,
> > > >
> > > > I have following session setting in my web.config file:
> > > > <configuration>
> > > > <system.web>
> > > > <sessionState
> > > > mode = "InProc"
> > > > cookieless="true"
> > > > timeout="10"/>
> > > > </system.web>
> > > > </configuration>
> > > >
> > > > However, when I open my browser I get this in address bar:
> > > > http://192.168.0.110/blabla/(uzqltc45cdkwhb25h5oxpgfn)/faq.aspx
> > > >
> > > > Is there any way I can hide this (sessionID).
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > --
> > > > Vlad Jasovic
> > > > Excelle Technologies Inc.
> > > > http://www.excelleinc.com
> > > > "single source for all your computer needs"
> > > >
> > > >
> > > >
>
>
- Next message: Random: "Database connections in Web Services"
- Previous message: MS News \(MS ILM\): "File upload limit handleing"
- In reply to: Vlad Jasovic: "Re: hiding session ID in browser"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
