How to store session ID without cookies and without "Cookieless=True"

[Paul W]

Hi -

I don't want to rely on my users having cookies enabled.

If I use Cookieless=True it of course mangles the urls which means there is
no browser caching of the pages, so it is slow.

What are the other options to use to be able to store a small amount of
session data? I know it can be done because, for example,
www.discountasp.net's site doesn't use cookies or cookie-munging, but it
works just fine to remember my login throughout the site.

Thanks for all input,

Paul.

 

[Brock Allen]

What are the other options to use to be able to store a small amount

of session data? I know it can be done because, for example,
www.discountasp.net's site doesn't use cookies or cookie-munging, but
it works just fine to remember my login throughout the site.

What makes you think it's not using cookies? I just ran a test with and without
cookies and I must enable cookies for their site to login.

 

[gaidar]

You have three ways:
1. Store session ID in cookie file
2. Store Session ID in the URL (for example,
mysite.com/HFFKSJ3F35R4W46HR435YFS/myFolder/myPage.aspx
3. Store Session ID in QueryString (for example,
mysite.com/myFolder/myPage.aspx?SID=HFFKSJ3F35R4W46HR435YFS

Nothing more. You should select

Gaidar

 

[Chiky]

But how to implement storing sessionid in QueryString? IF I have a
sessionID passed through QueryString, i can't initialize session with
this ID.

Chiky

 

[Nick Gilbert]

If I use Cookieless=True it of course mangles the urls which means there

is no browser caching of the pages, so it is slow.

The browser WILL still cache the pages. The session ID remains the same
all the time as long as you don't force it to create a new session by
linking to a page without including a session ID.

The fact that the URL becomes:

/(bktylw45s3f14345r3w4lx2j)/catalogue.aspx

...is no different to if it was:

/catalogue/catalogue.aspx

It's just a folder name and doesn't affect client side caching at all.

If I were you, I'd use cookieless=true.

Just ensure that your links in the website start with "~" rather than
"/" or otherwise you'll create a new session. ~ gets resolved to the
correct URL for the current session if you pass it through
Server.ResolveUrl(). You don't need to call ResolveUrl manually for most
internal functions that take URLs as arguments.

eg Response.Redirect("~/basket.aspx");

You might also have to convert some hard coded links (HTML) to
asp:HyperLinks so you can use the "~" and thus avoid creating new sessions.

Note that ~ doesn't work in <a> tags. It's a server side macro only.

Hope this helps.

Nick...