Question on Session

  • Thread starter Thread starter michdoh
  • Start date Start date
M

michdoh

HI

We currently are running an MCMS 2002 web site on windows 2000. dot.net
framework 1.1.

I'm looking to use the asp.net session to keep a user logged in after
authentication. This seems pretty straight forward but I have a couple
of general questions about the asp.net session object if any one can
help.

Firstly i'm new to this so I apologise if I'm being stupid.

1: If a user logs on to our site, autheticates and then, within the
same session, navigates to web site that does not run on the dot net
framework, will the asp.net session token (which I believe is stored in
a cookie or nested in the URL) be deleted?

2: I assume every web server (Apache etc) creates it's own type of
session Identifier, can these co-exist during a single browser session?

Any help is greatly appreciated

Mikey
 
HI
We currently are running an MCMS 2002 web site on windows 2000. dot.net
framework 1.1.

I'm looking to use the asp.net session to keep a user logged in after
authentication. This seems pretty straight forward but I have a couple
of general questions about the asp.net session object if any one can
help.

Firstly i'm new to this so I apologise if I'm being stupid.

1: If a user logs on to our site, autheticates and then, within the
same session, navigates to web site that does not run on the dot net
framework, will the asp.net session token (which I believe is stored in
a cookie or nested in the URL) be deleted?
Click to expand...

The cookie is remembered by the browser, until that browser is closed.
When the user navigates again to your web-app, that cookie will be sent
again. If this request is within the session-timeout limit (default 20
minutes), then the user will continue in the original session.
2: I assume every web server (Apache etc) creates it's own type of
session Identifier, can these co-exist during a single browser session?
Click to expand...

Maybe the various servers use their own names for the session cookies
(asp.net seems to use a name with a random part). However, the cookies
also contain a "domain" parameter (usually the name of the webserver).
It is entirely possible to have separate cookies with the same name for
different domains. The browser will only send cookies whose domain name
matches the url.
 
Thanks Hans, Good Info

Hans said:
The cookie is remembered by the browser, until that browser is closed.
When the user navigates again to your web-app, that cookie will be sent
again. If this request is within the session-timeout limit (default 20
minutes), then the user will continue in the original session.


Maybe the various servers use their own names for the session cookies
(asp.net seems to use a name with a random part). However, the cookies
also contain a "domain" parameter (usually the name of the webserver).
It is entirely possible to have separate cookies with the same name for
different domains. The browser will only send cookies whose domain name
matches the url.
Click to expand...
 
Back
Top