Date:  11/28/2006 09:59:17 PM Msg ID:  003228
From:  John Sullivan Thread:  003226
Subject:  Re: When is Session ID assigned?
Thanks for the quick reply. It seems like setting an unique cookie is the way to go. It sounds like the Session object depends on cookies being enabled for the browser just like the GetCookie / SetCookie methods. What method would you recommend to determine if cookies are enabled for a browser so I can tell the user?

Thanks,

John



Sent by FoxWeb Support on 11/28/2006 08:56:14 PM:
If you don't need to store any session variables, then you should not be using the session object, because it's not as efficient as simply creating your own unique session ID and sending it as a cookie.  You can write your own code to generate these cookies, or you can simply use the session id that FoxWeb creates.  The following code uses a cookie, named "MySessionID" to store session IDs.  It first looks for this cookie, and if it can't find it, it creates one.  Subsequent requests from the user will return this cookie:

IF EMPTY(Request.GetCookie("SessionID"))
    * This is a new session
    Response.SetCookie("SessionID", Session.GetSessionID(), , '/')
ENDIF

Regarding the length of Session IDs, in most cases they will be 11 characters, but the algorithm that generates them uses random numbers for the first 6 digits, so it's possible that they will be shorter.

FoxWeb Support Team
support@foxweb.com email

Sent by John Sullivan on 11/28/2006 11:42:37 AM:
The Foxweb documentation states "A new session id is assigned to the same user after each request, unless the session is committed, by associating at least one session variable with it. "

Does this mean I need to use at least one Session.SetVar to create a consistent session for a visitor to my web site? If I use the Session.GetSessionID() does this set a session ID for the visitor, which will remain consistent until the  session timeout is reached or until I execute Session.Abandon?

I tested the session ID and on one test it was 10 characters in length and another it was 11 character. Why would this happen and is this normal? What I did was to retrieve the session ID using GetSessionID and then saved it to a file using the VFP Strtofile function. I reviewed the session ID after each test to see exactly what was saved in the file.

Why would the session ID length vary? It did not vary while in the session. If it started as a 10 character unique string it remained 10 characters. But creating a new session later showed it as an 11 character string for the new session.

What I want to do is use the session ID to create a shopping cart method for saving information to use from page to page.

Thanks for your help. By the way, I love Foxweb!

John Sullivan