Implementing Cookieless Session (ASP.NET)

Cookies are basically text data which a web site may store of the user's machine. Cookies are not considered as safe medium to store data as they could be dangerous in some scenario. Also there might be the case that user has cookies turned off on his machine or the browser doesn't supports the cookies. Our application might get failed if it is depended on cookies support on client side. Most of the time session id is stored at client side in cookies. Therefore we won't be able to retrieve session's data in the case when cookies are not enable.

ASP.NET Cookieless Support

ASP.NET support cookieless execution of the application when the client doens't have cookies support. When to chose cookieless, the session id is transferred via the request url. Each and every request of the application page contains the session id embedded in its url. So the web application need not to request the session from the cookies.

To set Cookieless session in an ASP.NET application set following value in web.config file

<sessionstate cookieless="true" />

When you have cookieless session then the url may look like this

http://www.dailycoding.com/Posts/(_entv9gVODTzHuenph6KAlK07..)/test.aspx

12 comment(S)


bala on Nov 26, 2009 04:38 AM

its simply nice!!!

Dos on Oct 4, 2010 05:26 AM

short and sweet.. thanks

ewitkows on Oct 5, 2010 02:10 PM

Ugh, atleast mention that this is a security issue - http://seclists.org/webappsec/2002/q4/111

Ujval Shah on Oct 7, 2010 10:30 AM

Hi,

Thanks for short and sweet description....

Neha Jain on Nov 11, 2010 02:36 AM

Good One. It really help

> content removed

Goldwind on Dec 29, 2010 07:24 AM

What about web service?
It seems that session cookiesless cause calient calls to web services, not to work.

Mayur on May 1, 2011 08:16 PM

it's really nice article..
Thanks...

srinivas kotha on May 27, 2011 10:18 AM

Its simply quit

srinivas kotha on May 27, 2011 10:19 AM

It simply cute.............

sponsored

Pankaj on Oct 20, 2011 08:56 PM

Thanx...........

vamsi boppana on Jan 13, 2013 07:53 AM

wow...what an explanation.Very nice

Thiygarajan on Feb 12, 2014 06:22 AM

how to avoid session id in url even if cookieless property has been true

Leave a comment