Menu
Currently I am using this in my web.config:
<sessionState mode="InProc" cookieless="UseCookies" timeout="60" />
My question is what is the difference between UseCookies and false in cookieless attribute? It is confusing for me.
594
By default, the SessionID value is stored in a non-expiring session cookie in the browser. If you specify cookieless="true" then: ASP.NET maintains cookieless session state by automatically inserting a unique session ID into the page's URL.
In Cookie-less Sessions, the values that are required to associate users with their sessions are appended to the browser's URL. Session. As we know HTTP is a stateless protocol and every request to a web page is treated as a new request. Session is a way of maintaining the state of a page.
config or Web. config configuration file identified by the sessionState tag. When a new client begins interacting with a Web application, a session ID is issued and associated with all the subsequent requests from the same client during the time that the session is valid.
What is Cookieless Authentication? Cookieless authentication, also known as token-based authentication, is a technique that leverages JSON web tokens (JWT) instead of cookies to authenticate a user. It uses a protocol that creates encrypted security tokens. These tokens allow the user to verify their identity.
From, http://msdn.microsoft.com/en-us/library/ms972429.aspx (2000, written in .NET 1.0)
Cookieless. The cookieless option for ASP.NET is configured with this simple Boolean setting.
Now, from: http://msdn.microsoft.com/en-us/library/aa479315.aspx (2005, written in .NET 2.0)
- "UseCookies": As this name implies, the cookieless feature will never be used.
- "UseUri": The cookieless feature will always be used.
- "UseDeviceProfile": Depending on the browser making the request, the cookieless feature may or may not be used. If ASP.NET recognizes that the browser does not support cookies, then the cookieless feature will be used. Technically speaking, the two Boolean variables Request.Browser.Cookies and Request.Browser.SupportsRedirectWithCookie must both be true for ASP.NET to assume that cookies are supported by the browser.
- "AutoDetect": In this setting, ASP.NET attempts to detect whether the browser supports cookies or not. The algorithm is a little complex, and I'll lay it out in pseudo code. (The algorithm is subject to change in future builds).
As we can see, this boolean mode "true" or "false" was probably deprecated
So if "false" and "true" values still work nowdays (for .NET framework 2.0 and above) I guess when you set "false" it assumes that will be used cookies for storing session identifier as UseCookies and "true" will assume that you don't want to store cookies as UseUri.
197
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
