login and sessions
in [ASP]
|
From: Ricardo Furtado on 31 Aug 2010 08:02 When developing web pages i usualy check if the user is logged by using sessions. Yesterday i read something about the down sides of sessions and one of them is when computers don't allow sessions. What should be the best way to check if a user is logged?
From: Tim Slattery on 31 Aug 2010 08:39 Ricardo Furtado <RicardoFurtado(a)discussions.microsoft.com> wrote: >When developing web pages i usualy check if the user is logged by using >sessions. >Yesterday i read something about the down sides of sessions and one of them >is when computers don't allow sessions. >What should be the best way to check if a user is logged? Sessions are maintained server-side. They are identified by a cookie that's passed back and forth between the server and client. Most clients will allow session cookies even if they don't allow persistent cookies. If the client doesn't allow session cookies, then there's nothing much you can do to maintain a session. (And the user has cut himself off from a LARGE part of the web!) -- Tim Slattery Slattery_T(a)bls.gov http://members.cox.net/slatteryt
From: Ricardo Furtado on 31 Aug 2010 10:17 Thanks for your answer. So, but can i believe that sessions are the best options for this kind of tasks? better than passing a session ID in every URL or even global variables? "Tim Slattery" wrote: > Ricardo Furtado <RicardoFurtado(a)discussions.microsoft.com> wrote: > > >When developing web pages i usualy check if the user is logged by using > >sessions. > >Yesterday i read something about the down sides of sessions and one of them > >is when computers don't allow sessions. > >What should be the best way to check if a user is logged? > > Sessions are maintained server-side. They are identified by a cookie > that's passed back and forth between the server and client. Most > clients will allow session cookies even if they don't allow persistent > cookies. If the client doesn't allow session cookies, then there's > nothing much you can do to maintain a session. (And the user has cut > himself off from a LARGE part of the web!) > > -- > Tim Slattery > Slattery_T(a)bls.gov > http://members.cox.net/slatteryt > . >
From: Evertjan. on 31 Aug 2010 11:15 Ricardo Furtado wrote on 31 aug 2010 in microsoft.public.inetserver.asp.general: > "Tim Slattery" wrote: > >> Ricardo Furtado <RicardoFurtado(a)discussions.microsoft.com> wrote: >> >> >When developing web pages i usualy check if the user is logged by >> >using sessions. >> >Yesterday i read something about the down sides of sessions and one >> >of them is when computers don't allow sessions. >> >What should be the best way to check if a user is logged? >> >> Sessions are maintained server-side. They are identified by a cookie >> that's passed back and forth between the server and client. Most >> clients will allow session cookies even if they don't allow >> persistent cookies. If the client doesn't allow session cookies, then >> there's nothing much you can do to maintain a session. (And the user >> has cut himself off from a LARGE part of the web!) [please do not top post or quote signatures on usenet] > Thanks for your answer. > > So, but can i believe that sessions are the best options for this kind > of tasks? better than passing a session ID in every URL A session is passing a session ID in every request header. Why do you think "the best" exists? That is a matter of tast, not of axioms. > or even global variables? Uh? what do you mean, global where? On the server? As a application variable? Or as a session variable? [you would need a session for the latter] Or on the browser? How would you recognize a specific user with those? -- Evertjan. The Netherlands. (Please change the x'es to dots in my emailaddress)
From: Bwig Zomberi on 2 Sep 2010 00:54
Ricardo Furtado wrote: > When developing web pages i usualy check if the user is logged by using > sessions. > Yesterday i read something about the down sides of sessions and one of them > is when computers don't allow sessions. > What should be the best way to check if a user is logged? Use session variables to maintain login details. Use response.cookies to maintain other details such user preferences, shopping cart details... -- Bwig Zomberi |