ericnet
Programmer
- Mar 29, 2006
- 106
I have a marketplace where registered users have their private area, and there is also a public area (very similar to a forum). To enter the private area the user has to enter e-mail and password, and once it is verified that the user exists in the database, a new session starts with an ASP.NET Session() object.
Now I am implementing a system to record user activity in the database, across the whole website (public and private area), and to do so I give two cookies, ‘client’ and ‘session’. ‘Client’ is a permanent cookie that stores a unique reference that recognizes each client/computer, and the ‘session’ cookie is an in-memory cookie that stores the current session id.
Now, if the user has cookies disabled, a new session with an unknown user is added in the DB for each page the user visits, so it’s very difficult to see the path of the real session. Also, with cookies disabled it’s impossible for the user to enter his/her private area, because the ASP.NET Session() object uses cookies.
My question is, is it worth trying to change the code to record user session activity even when cookies are disabled? I know (more or less) how to do it in the public area, but in the private area I don’t really know how to substitute the Session() object, where I store other important data, and after a period of time the session auto-expires for security reasons. Also, I don’t want to use the ‘cookieless’ ASP.NET mechanism, since I have heard and read that it’s very problematic.
Is it really worth considering the case where cookies are disabled? Because perhaps there are very, very few users that disable cookies.
What’s your opinion?
Thank you