| Author: manas ranjan meher 27 Sep 2006 | Member Level: Silver | Rating:  Points: 2 |
You may wish to configure your applications to use session state without relying on cookies. There could be several reasons for this:
1. You need to support old browser types that do not support cookies.
2. You wish to cater for people who have chosen to disable cookie support within their browser.
3. Certain types of domain name redirection mean that cookies / conventional state management will not work.
Cookie munging causes information regarding the session state id to be added to URL information. Thus the link between client and session data on the server is maintained.
It is simply enabled, as follows:
<configuration>
<system.web>
<sessionState cookieless=”true” />
</system.web>
</configuration>
If you change your web.config file to the above and then view a page which uses both the session object and postback you’ll see ASP.Net has inserted some extra information in the URL of the page. This extra information represents the session ID.
Cookie munging certainly does the job in instances where it is required but should be avoided where it is not, as it is insecure being susceptible to manual manipulation of the URL string.
|