Managing Sessions without Cookies

This section provides a tutorial example on how to manage sessions without using cookies - hide the session ID as a form input value.



To show you an example of managing your own sessions without cookie, I modified my number game to game_without_cookie.asp:

<script language="vbscript" runat="server">
'  game_without_cookie.asp
'  Copyright (c) 2004 by Dr. Herong Yang
'  This ASP page offers a simple game, relying on the session object
'  to remember the target number.
'
   sessionId = request.QueryString("sessionId")
   response.write("<html><body>")
   if Len(sessionId) = 0 then
      sessionId = Cint(application("lastSessionId")) + 1
      application("lastSessionId") = sessionId
      Randomize()
      number = Int(100*Rnd())
      application(sessionId&".number") = number
      response.write("Welcome to the Game Server!<br/>")
      response.write("I have a number between 0 and 100" & _
         " for you to guess.<br/>")
   else
      guess = request.QueryString("guess")
      number = application(sessionId&".number")
      if Cint(guess) = Cint(number) then
         Randomize()
         number = Int(100*Rnd())
         application(sessionId&".number") = number
         response.write("Congratulations, you win!<br/>")
         response.write("I have another number between 0 and 100" & _
            " for you to guess.<br/>")
      elseif Cint(guess) > Cint(number) then
         response.write("Your guess is too high. Please make" & _
            " another quess.<br/>")
      elseif Cint(guess) < Cint(number) then
         response.write("Your guess is too low. Please make" & _
            " another quess.<br/>")
      end if
   end if
   response.write("<form action=game_without_cookie.asp method=get>")
   response.write("<input type=hidden name=""sessionId""" & _
      " value="&SessionID&">")
   response.write("Your guess:")
   response.write("<input type=text size=4 name=guess>")
   response.write("<input type=submit name=submit value=Submit>" & _
      "</br>")
   response.write("</form>")
   response.write("ASP Server session ID is " & session.SessionID & _
      "<br/>")
   response.write("My session ID is " & sessionId & "<br/>")
   response.write("</body></html>")
</script>

If you run this page, the game will continue to work even after turned off the cookie support of your browser.

Note that:

Last update: 2004.



 

Table of Contents

 About This Book

 ASP (Active Server Pages) Introduction

 IIS (Internet Information Services) 5.0

 MS Script Debugger

 VBScript Language

 ASP Built-in Run-time Objects

 ASP Session

 Creating and Managing Cookies

Managing Sessions with and without Cookies

 Session ID Managed as a Cookie

 Session Management Considerations

Managing Sessions without Cookies

 scrrun.dll - Scripting Runtime DLL

 Managing Response Header Lines

 Calculation Speed and Response Time

 ADO (ActiveX Data Object) DLL

 Working with MS Access Database

 Guest Book Application Example

 References

 Full Version in PDF/EPUB