
Session Vars vs. Hidden Fields and SSL

Author
23 Sep 2006 11:11 PM
Jeff
....still new to .net 2005 using VB.

Do I understand correctly that the value of a session variable is actually stored in the server's ram, but relies on the asp.net
session ID cookie that temporarily is placed on the client's machine until the session ends? ...so that you can't use session
variables if the client has disabled cookies on their browser? So, this makes session vars much more secure than hidden fields,
which are transmitted to the client's browser and can be viewed simply by opening "view source."  So, the hidden fields or query
string methods of passing values across pages will work with cookies disabled, but session vars won't?

Can SSL be used in cases where the client has their cookies completely disabled?  If not, then I would assume that there is no
advantage (assuming adequate server ram) to using hidden fields instead of session vars where SSL will eventually be used?

Thanks

jeff




--
Posted via a free Usenet account from http://www.teranews.com

Author
24 Sep 2006 12:14 AM
Scott M.
> Do I understand correctly that the value of a session variable is actually
> stored in the server's ram, but relies on the asp.net
> session ID cookie that temporarily is placed on the client's machine until
> the session ends?

Yes, and this cookie is not like a normal cookie.  A "session" cookie is not
written to the client's hard drive; it is also held in RAM of the client by
the browser.

>  ...so that you can't use session variables if the client has disabled
> cookies on their browser?

Yes.

> So, this makes session vars much more secure than hidden fields,

I'm not sure that secure is the word for it, since hidden field values are
typically established at the client and sent to the server, not the other
way around.

> which are transmitted to the client's browser and can be viewed simply by
> opening "view source."  So, the hidden fields or query
> string methods of passing values across pages will work with cookies
> disabled, but session vars won't?

Yes.

> Can SSL be used in cases where the client has their cookies completely
> disabled?

Yes.  SSL has nothing to do with cookies. It has to do with a security
certificate being installed on the server and the https protocol being used
for data transmission that will encrypt what is sent from client to server.

> If not, then I would assume that there is no advantage (assuming adequate
> server ram) to using hidden fields instead of session vars where SSL will
> eventually be used?

SSL really doesn't have anything to do with session variables and cookies.
The former is an encryption technology and the latter are data persistence
schemes.
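
An added example, not written by any poster in this thread, of the difference discussed above: a value kept in Session stays on the server, while a HiddenField value is written into the page and comes back from the browser on postback as client input. The page class `Checkout`, the control names (`hfPrice`, `btnBuy`, `lblResult`) and the price are assumptions made for the illustration.

```vb
' Code-behind for a hypothetical Checkout.aspx (ASP.NET 2.0) containing:
'   <asp:HiddenField ID="hfPrice" runat="server" />
'   <asp:Button ID="btnBuy" runat="server" Text="Buy" />
'   <asp:Label ID="lblResult" runat="server" />
Imports System
Imports System.Globalization

Partial Class Checkout
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        If Not IsPostBack Then
            Dim price As Decimal = 19.99D   ' constructed sample value
            ' Server side: the value stays in session state; only the
            ' session ID is sent to the browser.
            Session("Price") = price
            ' Client side: the value itself is rendered into the HTML,
            ' visible in "view source" and editable before postback.
            hfPrice.Value = price.ToString(CultureInfo.InvariantCulture)
        End If
    End Sub

    Protected Sub btnBuy_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnBuy.Click
        ' Session state can be missing (timeout, restart, ID not returned).
        If Session("Price") Is Nothing Then
            lblResult.Text = "Session expired, please start again."
            Return
        End If
        Dim trusted As Decimal = CDec(Session("Price"))

        ' The hidden field holds whatever the browser posted back.
        ' HTTPS protects it in transit; it does not stop the user changing it.
        Dim posted As Decimal
        Dim parsed As Boolean = Decimal.TryParse(hfPrice.Value, _
            NumberStyles.Number, CultureInfo.InvariantCulture, posted)

        If Not parsed OrElse posted <> trusted Then
            lblResult.Text = "Posted value differs from the server copy."
        Else
            lblResult.Text = "Posted value matches the server copy."
        End If
        ' Any decision that matters uses 'trusted', never 'posted'.
    End Sub
End Class
```
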

Author
26 Sep 2006 2:17 AM
Jeff
Thanks





"Scott M." <s-mar@nospam.nospam> wrote in message news:eehvq523GHA.5092@TK2MSFTNGP04.phx.gbl...
> > Do I understand correctly that the value of a session variable is actually
> > stored in the server's ram, but relies on the asp.net
> > session ID cookie that temporarily is placed on the client's machine until
> > the session ends?
>
> Yes, and this cookie is not like a normal cookie.  A "session" cookie is not
> written to the client's hard drive; it is also held in RAM of the client by
> the browser.