0

Does anybody know about support of cookieless session in current and next versions of ASP.NET or ASP.NET MVC?

They say that cookieless session aren't recommended (that is clear why) and are deprecated. But I can't find any official confirmation, any like from Microsoft web sites, or ASP.NET blogs, roadmaps or anything official.

Regfor
  • 8,515
  • 1
  • 38
  • 51
  • Have you tried simply installing ASP.NET 5 and trying it out? – mason Nov 17 '14 at 13:32
  • [This article](http://www.c-sharpcorner.com/UploadFile/deepak.sharma00/using-cookie-less-session-in-Asp-Net/) was published 2 years ago describing how to implement cookie-less sessions in a WebForms application. Did you try [searching Google](https://www.google.com/search?q=asp.net+mvc+cookieless+session&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb)? – Greg Burghardt Nov 17 '14 at 13:32
  • can i know the plus of cookie-less session – dazzling kumar Nov 17 '14 at 13:33
  • http://stackoverflow.com/questions/21638446/asp-net-mvc-and-using-cookieless-sessions – Abhitalks Nov 17 '14 at 13:37
  • 2
    Cookieless sessions are horrible and should be done away with. Personally, I'd say move on. As you've stated, even if you can do them in vNext, they're deprecated, which means you'll have to abandon them eventually, anyways, going forward. Other than that, I second @mason: install and test yourself. – Chris Pratt Nov 17 '14 at 14:06
  • @ChrisPratt That is what I am looking for. Some confirmation like link from Microsoft site or roadmaps or some blog posts etc. that they are deprecated. I haven't yet found such. – Regfor Nov 17 '14 at 15:27
  • @mason it is going more about future roadmaps rather than current vNext ASP.NET 5. Cookieless sessions are supported in ASP.NET 5 – Regfor Nov 17 '14 at 15:28
  • @Regfor I don't understand your question then. You know it's deprecated, so that means at some point it will be removed. You asked about support in current and next versions of ASP.NET and MVC. It's easy to find out about those by simply looking at them. If that's not what you're asking, then please make your question clear. – mason Nov 17 '14 at 15:30
  • @abhitalks in linked SO answer there is no confirmation about is it deprecated or not, just subjective opinion of author not yet confirmed with anything – Regfor Nov 17 '14 at 15:30
  • @mason Actually question is about deprecated it or not. And some confirmation with link. Currently I know that cookieless session is not deprecate despite not recommended to use – Regfor Nov 17 '14 at 15:32
  • Are you asking for internal Microsoft plans? Stack Overflow would not be the place to ask for that. You should ask Microsoft. – mason Nov 17 '14 at 15:35
  • @mason And where is right place to ask Microsoft? Except Microsoft Forums where I will post similar question – Regfor Nov 17 '14 at 15:38
  • [Forums](http://forums.asp.net/), [Blogs](http://www.asp.net/community/microsoft-blogs), [Jabbr](https://jabbr.net/), [Twitter](https://twitter.com/aspnet), – mason Nov 17 '14 at 15:42
  • If its not on the vNext roadmap, then Microsoft themselves dont know. The point is its not recommend for use, so nothing else truly matters. Regardless if they deprecate it now, next year, or 10 years, if from now, if Microsoft says dont use it, dont use it. – Chris Pratt Nov 17 '14 at 15:45
  • @ChrisPratt Actually Microsoft is not saying don't use it. There is cookieless authentication (not the same as cookieless session) and there are some confirmations that Microsoft is clear writing "don't use it". But about cookieless session Microsoft isn't saying "don't use it" – Regfor Nov 17 '14 at 15:51

1 Answers1

0

I am not sure where you heard about cookieless beind deprecated. If you can remember the article, please share.

Cookieless, as the name implies, is the last resort when the client does not allow cookies. It is used to authenticate the client. It is not secure and is not recommended for Internet Web Sites. I guess, It could be OK for secured networks (i.e. internal web sites). However, even there you should think about forcing cookies and use other security measures.

http://www.asp.net/aspnet/overview/web-development-best-practices/what-not-to-do-in-aspnet,-and-what-to-do-instead#cookieless

Roman Mik
  • 3,179
  • 3
  • 27
  • 49