Cookie Alternatives - Hidden variables?

[starkertowers]

I was previosly using cookies in an internet application that I am building and noticed that when a user opens multiple instances of the same app in the browser on their computer simultaneously, the user credentials are getting undesirably switched, presumeably due to the use of cookies in the app. I am trying to implement an alternate solution, one that is cookie free. Once the user logs in, i'd like to store their credentials in a header file that remains constant, while any subsequent page that is loaded in the body of the app will draw on these hidden variables in the header. I think the problem with this approach is that the subsequent pages have to be submitted before the values in the header can be extracted. Ultimately though, when a page is loaded, I want to retrieve the values from the header. Thanks in advance for any advice.

 

[PogoWolf]

I've thought of something like this before.. the thought was to create all the pages in a HTML Frameset, but set the TOP frames width to 0.. that way the user can't see it.. and turn off the movement.. you could then use javaScript to read/write to hidden form fields to read/write your data...

but this.. I must say, isn't that easy.. and at the least a huge pain to create...

IF you want to keep pure ASP, and you don't expect a ton of hits to your server.. just use Session or Applucation Vars..

Something else that might work.. Write the cookies with specfic name per login.. useing a session Var to keep track of the cookie name..

that way you can have differnt cookies per log in.. but they can't get transversed..

The PogoWolf

http://www.4TheGames.net

 

[starkertowers]

PogoWolf, Thank you for the reply. I like the last alternative, but i have already given the cookie a name and value, for ex:

Response.Cookies("Login&quot("UserID&quot = (value from database)
Response.Cookies("Login&quot("CompanyID&quot = (value from database)


After that, I set a local variable in vbscript on each page equal to the cookie, for ex:

myUID = Response.Cookies("Login&quot("UserID&quot

for whatever page i need to get at the userID of the person logged in. The user transversal is still unfortuneatley happening however, when the user has multiple instances of the app running on the same machine simultaneously.

Can you elaborate more on the session variable?

Again, thanks in advance.

 

[PogoWolf]

The Session object is used to store information about, or change settings for a user session.

Variables stored in the Session object hold information about one single user, and are available to all pages in one application.

The server creates a new Session object for each new user, and destroys the Session object when the session expires.

So like from your example above you'd have:

Session("UserID&quot = (value from database)
Session("Login&quot = (value from database)
Session("CompanyID&quot = (value from database)

and to read them:
UserName = Session("UserID&quot
Login = Session("Login&quot
etc...

there's allot of Similar things about the sessions and cookies.. Think of a session like a Server 'cookie'
All Sessions are stored on the server.. not the client, and each are 'owned' by the process that started the session.

therefore there's no way for a user to duplcate a log in each log in would be a seperate process.

Hope that helps. =)


The PogoWolf

http://www.4TheGames.net

 

[kkbigboy]

Another simple way would be to clear the current cookies when the login page loads. For example after the <@LANGUAGE=&quot;VBSCRIPT&quot;%> add this below it.
Response.Buffer = true 'if you need to redirect
Response.Cookies(&quot;Login&quot= &quot;&quot;

That blanks all existing Login Library cookies and prepares your user to insert new info.