|Number of votes:||3|
Over the weekend I found some time to look more into the much discussed cookie directive – and at the same time think some thoughts about how we can still leverage personalization to make a great user experience on a web site without bothering visitors with accepting a bunch of “Allow Cookie” popups. As so often before, I ended up putting my thoughts into code which you can find on my other blog - http://allantech.blogspot.com/2011/04/cookieless-session-state-in-aspnet.html.
I will here share some of the essentials in case you are ever in need of a web site without cookies.
In essence I found it fairly easy to replace the Session State ID mechanism in ASP.NET with my own provider that doesn’t rely on cookies or messed-up URLs – but simply takes a fingerprint of your browser configuration and IP in order to determine your unique session. It seems to work fairly well, and now I even made a few zip-packages you can use with EPiServer CMS. Just put the assembly in the bin folder of your site and add the attribute sessionIDManagerType="EPiServer.Research.NoCookies.CookielessIDManager, CookielessSessionID" to the sessionState tag in your web.config.
I have only tested this with CMS 6 R2 RTM – but I see no reason why it shouldn’t work all the way back to CMS 5.
This takes care of the ASP.NET Session cookie – while still allowing you to use session state. Session state is among other things heavily used in many of the new built-in criteria for personalization in EPiServer CMS 6 R2. It does not, however, remove any cookies that has already been sat, or replaces any custom cookies (or other EPiServer cookies) on your web site. These are some of the other cookies I often see at an EPiServer site:
I hope you’ll find this information helpful.