Pros and cons of cookieless sessionState

[millerk]

Can anyone tell me the pros and cons of using a cookieless sessionState? I can't seem to find any answers on this. I'm writing apps for a corporate intranet where everyone is using IE 5.0 so using cookies shouldn't be a problem. Is there any advantage in going cookieless?

Thanks

 

[Isadore]

Mill: Should get a variety of answers on this question. Obviously, the limitations of the Session State primarily are concerned with the use of Server resources, especially if DataSets are held in Session. Advantages for smaller amounts of information in Session over cookies (which I'm not too familiar with) is that the Session state is not affected by those who turn off or set security levels such that cookies may not be saved on their hard drive, etc... You can limit the Session state by saving variables and then use the Session.Abandon protocol to quit the Session state, not sure if you need to "clear" the Session variables before abandoning the Session state but at any rate you can turn on and off the Session state to save Server resources. Again, the biggest concerns that I have seen with cookies is the potential for a client side computer to "prevent" cookies from being stored, or to delete them unexpectedly, etc... Just a few thoughts -- I'm only a beginner.

 

[millerk]

I'm not storing anything in session variables. The only reason I need to use the SessionState is to do some file cleanup when the Session_End event fires. I don't think I'll have a problem with using cookies because everyone here is on a corporate image with a standard version of IE 5.0. I'm just wondering if there is any reason for me to go cookieless or not.

Thanks

 

[Zarcom]

There is no reason to that I know of Miller. I would continue with cookieful :-D sessions.

A quik note to Isadore. You really shouldn't store datasets in the session for any reason. It decreases your scalability greatly. Yes I know that the .Net stuff has garbage cleanup and such but, it is still a huge drag on the system. That'l do donkey, that'l do

 

[link9]

and session does require cookies, and users can turn them off.

There are two flavors of cookies... I'll defer to the FAQ submitted by vasah20 from the ASP Classic forum for more info on the differences:
faq333-863

You can check your cookie settings in IE to see what I mean.

good luck!
paul

 

[millerk]

Someone correct me if I'm wrong, but I don't believe session requires cookies as link9 stated. When cookieless is set to "true", the session ID is added to the URL so when the page is posted back, the server pulls the session ID from the URL like a querystring instead of from a cookie.

 

[link9]

**smack**

Yes. You are correct. With "cookieless", then no cookies. I just jumped right in there, didn't I. ;-)