How to track user activity when cookies are disabled by the client? 1

[ericnet]

I have an ASP.NET web app where I track user activity using cookies, and I store that activity in the database. To do so, I give two cookies to client browser, user_id (permanent cookie) and session_id (in-memory cookie), and with both cookies I handle all the necessary work to store all the information I need into the database.

But now I need to handle the situation when the user has the cookies of his/her browser disabled, so that I can continue maintain user session and storing session activity into de database. Which are the best alternatives I have to accomplish that task?

Thank you

 

[vbkris]

there is a cookieless attribute available in the Session config section in web.config. it goes something like this:

<sessionState ..... cookieless="true">


see if that suits ur needs...

Known is handfull, Unknown is worldfull

 

[ericnet]

Thanks to answer, but I think this doesn't suit my needs.

Somebody knows anything else about this?

I am thinking the possibility of using query string. In every page load, check if browser supports cookies, if not, check if query string has a session id, if not, generate a new session id and put the session id embedded in all relative links in the page, so that when navigate to another page pass the session id via query string, and so on..

So, in every page put something like this:

Sub Page_Load()
 If Not IsPostBack Then

  Dim bc As HttpBrowserCapabilities = Request.Browser
  
   If bc.Cookies = True Then 

     ‘Retrieve and/or set cookies 
     ‘Do the necessary work to store all the information I need into the database 

   Else
    If Not Request.QueryString(“Session_id”) Is Nothing Then

      ‘Retrieve from query string the session id and
      ‘put the session id embedded in all relative links in the page

      ‘Do the necessary work to store all the information I need into the database

    Else

      ‘Generate a new session id and
      ‘put the session id embedded in all relative links in the page

      ‘Do the necessary work to store all the information I need into the database

    End If
 

   End If

.
.
.

 End If
End Sub

What do you think about this solution?

Thank you

 

[ca8msm]

It's theoretically a good solution but I'm not sure if it will work in practice. As far as I know, the Request.Browser.Cookies property will return a Boolean based on whether the users browser is capable of accepting cookies (not wether they actually have them enabled or not).

It may work if you went about it the other way though (i.e. check for the existence of a session ID in the querystring and if not then use a cookie). However, sessions without cookies can be quite painful sometimes especially with regards to links (as if you used an absolute link, a new session ID will be generated).


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 

[ericnet]

Hi ca8msm,

As far as I know, the Request.Browser.Cookies property will return a Boolean based on whether the users browser is capable of accepting cookies (not wether they actually have them enabled or not).

You are right, I have to change the logic to solve this.

However, sessions without cookies can be quite painful sometimes especially with regards to links (as if you used an absolute link, a new session ID will be generated).

I don’ t understand very well what you mean. When adding a parameter to an absolute link it doesn’ t work? If so, which would be the solution?

Or if you prefer, in my exposed case in which I have to store user activity data into the database along every visit to the website, what technique or system you would use? Or simply, What you would do?

Thank you

 

[ca8msm]

What I meant with regards to links is that if you had this on your site:

<a href="[URL unfurl="true"]http://www.mysite.com/index.aspx">Index</a>[/URL]

Then each time the user clicked the link, a new session ID would be created. Instead, you'd have to use relative links e.g.

<a href="index.aspx">Index</a>

which can sometimes be a bit of a pain (like with URL Rewriting for example).


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 

[ericnet]

I don’t have experience rewriting URL’ s, and most probably you are right. I chose hat solution because I thought that the technique to “maintain” session (or simulate cookie functionality) with query string needed rewrite URL’s. Could you explain me if this is needed to use query string approach?
This is the article where I got the idea:

http://uk.builder.com/architecture/web/0,39026570,20273890,00.htm

What do you think?

 

[ca8msm]

That's not the kind of URL Rewriting I was referring to. What I meant was when you implement a handler to re-route pages that don't exist but are easier to remember for the user.

For your situation, I just meant that it's something you need to take into account (when creating links) as an absolute link will restart the session for the user.


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 

[ericnet]

Ok, thank you very much!

I will implement query string for my purpose, since I think is one of the best alternatives to cookies or to use it in conjunction with cookies. I visited amazon (

http://www.amazon.com/gp/homepage.html/102-1447343-9732109)

and seems to use query string for this purpose, as you can see at the end of that URL

 

[ericnet]

Only one important thing:

It wouldn’ t be better simply open a session variable (ASP.NET session object) for every visit to the website? And store the userId and sessionId in that server variable so that when necessary store in the database all the user and session activity?

Because I was told that if I use session object, if user has the cookies disabled the server handles the situation embedding the session id in the URL automatically, and if user has cookies enabled then server uses cookies normally. Is this true?

 

[ca8msm]

Yes, that's what happens but if the user has cookies disabled, then I believe (although I haven't tested it) a link with an absolute path won't hold the session id like a link with a relative one will so they will end up with a new session.


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.