Listing 68 Displaying All Cookie Keys and Values eh63aspxes

private void Buttonl Click(object sender, System.EventArgs e) { String[] keys = Request.Cookies.AllKeys; foreach(String aKey in keys) { Response.Write(aKey + "=" +

Request.Cookies.Get(aKey).Value.ToString() + "<br>");

When you click the button, the server will loop through all the keys received from the browser and write each key and value back to the browser. Despite the fact that the Web Form contains no explicit code to add cookie values, you'll see one anyway (see Figure 6.3).

Figure 6.3: ASPSessionID display example

Leave the browser open, copy the URL, start a new browser instance, and paste the URL into the browser. Click the button. This time, the ASPSessionID cookie will have a different value. That id is the SessioniD cookie. It's a value guaranteed to be unique, and it identifies a specific browser instance. The value itself is otherwise meaningless, and it is not reused. Every time you open a browser instance, ASP.NET assigns it a new and different ASPSessionID value. In other words, there is no way to use the ASPSessionID exclusively to identify an individual user without gathering additional information—the ASPSessionID identifies only an individual browser instance.

ASP.NET can also use "munged" URLs to identify individual sessions; however, developers are responsible for inserting the values in each link. This is an onerous burden and is required only for users whose browsers are set to reject cookies. At one time, a large number of people did this, but it's become less common to reject cookies now. A munged URL looks like the following, although it would normally appear on a single line:

http://www.yoursite.com/yourApp/

SESSIONID$012 34 5 67 8 9ABCDEF/somefile.asp

Note that the SessioniD value appears after the root application directory in the URL but before the pathname or filename of the requested file. By placing the SessionID in that position, the ASP.NET engine can parse the URL linearly, first to determine the application and then to apply the SessionID so it can retrieve the appropriate data in the requested page.

Was this article helpful?

0 0

Post a comment