Hi,

We are using SQL Server to store session information (We are using a COM dll for this). When the user logs in we are creating a GUID and we are using this GUID to get the session details. Currently we are passing this GUID to all the pages via the query string. Now the client wants us to remove the GUID from the URL and also the client doesn't want us to use cookies. Please let me know if there is any way of doing this. The technology is ASP and we are using WEBFARMS.

Thanks in Advance

Hello  there,

Why don't you use Session managment provided by asp.net and you can make it cookie less as well. if you write this code inside web.config

<sessionState mode="SQLServer" sqlConnectionString="yourConnectionstring" cookieless="true"></sessionState>

should help you so you do not need to control anything.

other than that I do not think you can find a way! if you need more information about sqlserver session state just let me know

When we set cookieless="true", the sessionID is passed as part of the URL and this can compromise the security.

yes but the only way to keep session is either by cookie or querysting

just curious if there's a way to do this besides cookies or session ?

Cookies- A client might deliberately disable cookies and hence might never be authenticated

Session - A web server farm/cluster will postback different session IDs for different requests and hence there is a good chance that the user might fail authentication between two postbacks.

Is there some other client specific information that can be persisted..Something like MAC Address OR IP Address ?

Thanks in Advance

Russel

Hi there

first about cookies: even popular sites like yahoo and google will not work porperly if you disable cookie.

about Session: it is true that in web farme you have diffrent SessionId for diffrent request. However by using StateServer or Sqlserver (these are types of session  managment in web.config) you can redirect people with correct sessionId.

If you need help about StateServer and SqlServer session managment just Let me know

Hello emady, can you explain more details in Stateserver and SqlServer session management to me ?  because i wanna to know more about it and i plan to use it afterward..

Thank you..

sure My friend just give me 6 hour I am at work then I will write a complete description about them sorry!

thank you.. i will be here waiting for you..

Hello my Friend you can see a complete explanation in followin link I  just wrote that for you

http://www.csharpcourses.com/2008/05/session-managment.html

it explains all diffrent session managment in Asp.net let me know if you have any issues

Thank for reply and help me. Later i will go through all the thing.