I am now converting a website that uses cookies and session variables to one which uses no session variables and cookies only on an opt-in basis (for autologin purposes). I'm adapting concepts from A Scalable Alternative to Session Variables, By Scott Sargent.

This is a matter of using your own SessionID (such as a SQL 7 column of uniqueidentifier type) and after setting it (e.g. to NEWID()) on the first page view, checking a database for it on each page request after that.

I think using GUID numbers as a SessionID this way for maintaining state is a good idea.

I'll be applying this method to the TNS web even though it uses Access.

The MS SQL 7 NEWID() will give a hex value as 32 digits (taking up 16 bytes) and the value is passed in a format such as:

43D1D149-482F-11D5-B9B8-009027DC52BE

The number is guaranteed unique for any computer (it is based in partly on the MAC number which is unique and encoded into every NIC), anywhere, and at any time withing 100 years.

For Access, this type of number can be generated on a random digit basis (0-F) for each of the 32 character positions.

-- Anonymous, May 24, 2001