hi,

even though I have been hearing about session and cookies used for maintaining state for so long time, but until now I still very confuse about these two.

Can't anyone of you explain to me in details???

Thanks !!!

Well, to the best of my knolegde, without refferance from a site, I can tell you that a cookie will store veriables in a file that is on the clients computer for you to call, and grab the information.
Make sence?

I believe a session has a time limit before the users info is deleted and the user has to, login again, resubmit a form, refresh his time.

I am stilla little fuzzy about what I can do with these, but that's as much as I am pretty sure of..

Session variables are lost once the user closes their browser while cookies can be set to retain the variables almost indefinitelty (provided the user doesn't delete them).

Cookies can be useful for login pages so a user doesnt have to enter their information every time they visit your site. I would use cookies if you expect users to return regularly to your site and would like to customize their browsing experience. Once they are logged in the next time they view your site you can have it welcome them with their user name for example.

Sessions are useful if you have a multipage form for example. You can pass variables from one page to the next without having to use hidden fields. Like I said though, once the browser is closed the session variables are lost.

The whole cookie/session variable thing is problematic in ASP. In order to pass a session variable, cookies must be enabled on the client's machine.

As much of a pain as it is, i'd suggest passing hidden form fields at every step (but if you do it right, that will only be one step!).

There is an easy way... but this example will overwrite or append to any existing form fields that are passed from the previous page. Suggest a method of looking for an existing value that may need to be removed or moved to the new form. For example, if your form has a field for an email addy, and the previous pages passed the email addy... with this you will receive "emailaddy, emailaddy" when the new form is submitted. (Whew! I think I just confused myself.)

This works well if you know a form field will not be duplicated. I use it to pass QueryString and form data to a log in page if a user is not logged into an area that requires authorization. So, if they clicked a link with a QS, all that data isn't lost when they are forced to login first. Works great... for me.


for each x in Request.Form
response.write"<INPUT TYPE=hidden NAME=" & x & " VALUE=" & Request.Form(x) & ">" & vbCrLf
next