Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can I use session variables if the user does not have cookies enabled?

session variables

Can I use session variables if the user does not have cookies enabled?

by  onpnt  Posted    (Edited  )
There has been a question asked multiple times lately on the relationship between cookies and session variables and I have yet to see a complete explanation on the main question being "Will session variables work if cookies are disabled". It drove me nuts seeing everyone going back and forth on this one so I did the tests and did the research and this is what I have for my results along with the answer to the question.
Here is a simple test I performed
With cookies disabled
Session.asp
<%
response.write(session.sessionID &"<br>")
session("var2") = "didn't need cookies" & "<br>"
response.write "the session variable contains " & session("var2")
%>
Now of course this worked fine. I even received a session ID.
Here's what I got

406791000
the session variable contains didn't need cookies

However, when I tried to call this variable on the next page
Session2.asp
<%
response.write "The session variable contains " & session("var2")
%>
I recieved this
The session variable contains the session variable contains

So it did not work with cookies disabled. So, with these results in hand I am confident in stating
"The user must have cookies enabled in order for you to use a session variable ACROSS the pages of the site"

I think that is the main comment here. The session variables will work in one page of course, but when you try to call upon this variable in the next page you will not receive its value.

Here is the best article I found on this issue thus far and if I find more then I will add, but I think it along with this test pretty much sums it up.

(By the way, when I enabled cookies the test worked fine)

This is from http://www.4guysfromrolla.com/

Question: For session variables to work, must the Web visitor have cookies enabled?

Answer: Kind of. Session variables are bits of information that can be stored on a user-by-user basis. These bits of information are stored on the Web server. To tie these bits of memory with a particular user, for session variables to persist across Web pages, the user must have cookies enabled. When a user first visits a page on a site that uses Session variables, two things happen:

-- A block of memory is allocated for that particular user's session variables on the Web server. This block of memory is identified by a unique SessionID
-- A cookie is written to the user's computer, storing the value of the SessionID

When the user visits another page on the site that uses session variables, the users SessionID cookie is referenced to determine if the user already has a session variable memory block setup. If he does, the values that are stored there are referenced. Through this mechanism, one can create seemingly "global" variables that persist from one page to another.
Register to rate this FAQ  : BAD 1 2 3 4 5 6 7 8 9 10 GOOD
Please Note: 1 is Bad, 10 is Good :-)

Part and Inventory Search

Back
Top