Managing Sessions without Cookies

This section provides a tutorial example on how to manage sessions without using cookies - hide the session ID as a form input value.

To show you an example of managing your own sessions without cookie, I modified my number game to game_without_cookie.asp:

<script language="vbscript" runat="server">
'  game_without_cookie.asp
'  Copyright (c) 2004 by Dr. Herong Yang
'  This ASP page offers a simple game, relying on the session object
'  to remember the target number.
'
   sessionId = request.QueryString("sessionId")
   response.write("<html><body>")
   if Len(sessionId) = 0 then
      sessionId = Cint(application("lastSessionId")) + 1
      application("lastSessionId") = sessionId
      Randomize()
      number = Int(100*Rnd())
      application(sessionId&".number") = number
      response.write("Welcome to the Game Server!<br/>")
      response.write("I have a number between 0 and 100" & _
         " for you to guess.<br/>")
   else
      guess = request.QueryString("guess")
      number = application(sessionId&".number")
      if Cint(guess) = Cint(number) then
         Randomize()
         number = Int(100*Rnd())
         application(sessionId&".number") = number
         response.write("Congratulations, you win!<br/>")
         response.write("I have another number between 0 and 100" & _
            " for you to guess.<br/>")
      elseif Cint(guess) > Cint(number) then
         response.write("Your guess is too high. Please make" & _
            " another quess.<br/>")
      elseif Cint(guess) < Cint(number) then
         response.write("Your guess is too low. Please make" & _
            " another quess.<br/>")
      end if
   end if
   response.write("<form action=game_without_cookie.asp method=get>")
   response.write("<input type=hidden name=""sessionId""" & _
      " value="&SessionID&">")
   response.write("Your guess:")
   response.write("<input type=text size=4 name=guess>")
   response.write("<input type=submit name=submit value=Submit>" & _
      "</br>")
   response.write("</form>")
   response.write("ASP Server session ID is " & session.SessionID & _
      "<br/>")
   response.write("My session ID is " & sessionId & "<br/>")
   response.write("</body></html>")
</script>

If you run this page, the game will continue to work even after turned off the cookie support of your browser.

Note that:

Last update: 2004.

Table of Contents

 About This Book

 ASP (Active Server Pages) Introduction

 IIS (Internet Information Services) 5.0

 MS Script Debugger

 VBScript Language

 ASP Built-in Run-time Objects

 ASP Session

 Creating and Managing Cookies

Managing Sessions with and without Cookies

 Session ID Managed as a Cookie

 Session Management Considerations

Managing Sessions without Cookies

 scrrun.dll - Scripting Runtime DLL

 Managing Response Header Lines

 Calculation Speed and Response Time

 ADO (ActiveX Data Object) DLL

 Working with MS Access Database

 Guest Book Application Example

 References

 PDF Printing Version