ASP Tutorials - Herong's Tutorial Examples

∟Managing Sessions with and without Cookies

∟Managing Sessions without Cookies

This section provides a tutorial example on how to manage sessions without using cookies - hide the session ID as a form input value.

To show you an example of managing your own sessions without cookie, I modified my number game to game_without_cookie.asp:

<script language="vbscript" runat="server">
'  game_without_cookie.asp
'  Copyright (c) 2004 by Dr. Herong Yang
'  This ASP page offers a simple game, relying on the session object
'  to remember the target number.
'
   sessionId = request.QueryString("sessionId")
   response.write("<html><body>")
   if Len(sessionId) = 0 then
      sessionId = Cint(application("lastSessionId")) + 1
      application("lastSessionId") = sessionId
      Randomize()
      number = Int(100*Rnd())
      application(sessionId&".number") = number
      response.write("Welcome to the Game Server!<br/>")
      response.write("I have a number between 0 and 100" & _
         " for you to guess.<br/>")
   else
      guess = request.QueryString("guess")
      number = application(sessionId&".number")
      if Cint(guess) = Cint(number) then
         Randomize()
         number = Int(100*Rnd())
         application(sessionId&".number") = number
         response.write("Congratulations, you win!<br/>")
         response.write("I have another number between 0 and 100" & _
            " for you to guess.<br/>")
      elseif Cint(guess) > Cint(number) then
         response.write("Your guess is too high. Please make" & _
            " another quess.<br/>")
      elseif Cint(guess) < Cint(number) then
         response.write("Your guess is too low. Please make" & _
            " another quess.<br/>")
      end if
   end if
   response.write("<form action=game_without_cookie.asp method=get>")
   response.write("<input type=hidden name=""sessionId""" & _
      " value="&SessionID&">")
   response.write("Your guess:")
   response.write("<input type=text size=4 name=guess>")
   response.write("<input type=submit name=submit value=Submit>" & _
      "</br>")
   response.write("</form>")
   response.write("ASP Server session ID is " & session.SessionID & _
      "<br/>")
   response.write("My session ID is " & sessionId & "<br/>")
   response.write("</body></html>")
</script>

If you run this page, the game will continue to work even after turned off the cookie support of your browser.

Note that:

• My session IDs are generated sequentially. Not very secure.
• For each session, the ID is transferred a hidden input value of the HTML form that takes the user's input.
• The shared information, the target number, is stored in the IIS application object with the session ID as part of the key.
• There is no mechanism to detect the end of a session, or an inactive session. So do not use this example as a real application. If you do, your server will slowly run out of memory as more and more users coming to your server.

Table of Contents

 About This Book

 ASP (Active Server Pages) Introduction

 IIS (Internet Information Services) 5.0

 MS Script Debugger

 VBScript Language

 ASP Built-in Run-time Objects

 ASP Session

 Creating and Managing Cookies

►Managing Sessions with and without Cookies

 Session ID Managed as a Cookie

 Session Management Considerations

►Managing Sessions without Cookies

 scrrun.dll - Scripting Runtime DLL

 Managing Response Header Lines

 Calculation Speed and Response Time

 ADO (ActiveX Data Object) DLL

 Working with MS Access Database

 Guest Book Application Example

 References

 Full Version in PDF/EPUB

Managing Sessions without Cookies - Updated in 2019, by Dr. Herong Yang