are session("variable") cookies?

[pnj]

I am having a debate w/ a co-worker about this.

I remember reading that session variables are cookies on the server.
does anyone agree w/ me?

got any links on this subject

thanks

[JoshT]

Session variables are store in memory on the server. The client gets one "Session ID" cookie, that the server uses to map the client to the session variables. It is possible to use sessions without client side cookies by making sure every link contains the session id in the query string.

[pnj]

so every time a browser hits a server(runing asp of course) there is at least one session variable set (ID).

right?

what is the scope of this variable?

if the user has session cookies turned off they can view one page (provided that page does not use session variables to display content) but when they click to go to another page will the session("ID") variable be the same? or will a new one be instantiated?


I don't know if that makes sense.....(what i just asked)

[compuGEEK]

The lowdown on cookies:

http://www.4guysfromrolla.com/webtech/110299-1.shtml

[Cander]

Technically you could argue that Session variables are server side cookies, but this false. There is no such thing as a server side cookie. It is a term for a file(physical or in memory) stored on the client to store information for later retrieval. The term cookie is only properly used in this matter. The only cookie session's use isa temporary one sent to the client holding the session id so the server can coordinate which session does with whom.

Session variable scope is site wide for each particuler user. One session may be equal to one value for one person, but a diffrent value for another.

[compuGEEK]

Basically, anything that's used to maintain state will create a client side cookie. Even using the querystring to pass data will create a temporary cookie.

[pnj]

so session variables are stored on the client?
or just the session ID?


so if i turn of session variables on my browser i shouldn't be able to view anysite that is using asp?


now i'm more confused than when i original asked.

[Cander]

sessin variables are stored on server only
session id is stored on client and server.

if you turn off session cookies in IE, session variables will not work

[compuGEEK]

Hi pnj,

Sorry for any confusion - Yes, you are right - If you were to go to a site that uses only session variables to maintain state and you had cookies disabled on your browser, the website would not function properly.

A good example of this would be the WebTrendsLive website. As a webmaster, when I log onto their website
to check my stats, (I always have cookies disabled) I have to enable cookies in order for the login to work. If I don't have cookies turned on, it just refreshes the screen and nothing happens.

With session variables, a cookie is written to the client machine - however, the webserver reserves memory for that user's session ID. Because the webserver reserves memory for each user, it can create problems if your website has lots of users.

[pnj]

that's sorta what i was thinking....

i think one thing that is confusing is people(myself included) think of cookies as text files
but session variables are stored in memory but still refered to as 'cookies' in your browser security setings.

i think i get it now.

thanks for the input

[compuGEEK]