Does a session get created for every page request ? even though we don't have any forms authentication enables or any session objects created in the application ?
Asked
Active
Viewed 2,700 times
2 Answers
1
From Microsoft Docs:
The SessionID property is used to uniquely identify a browser with session data on the server. The SessionID value is randomly generated by ASP.NET and stored in a non-expiring session cookie in the browser. The SessionID value is then sent in a cookie with each request to the ASP.NET application.
So, when a browser requests a resource which requires session state, if the Session State Module cannot find an existing session ID (either in the ASP.NET session cookie, or in the URL in the case of cookieless sessions), then a new session ID is created and returned in the session ID cookie.
The session ID is used to retrieve a set of session state values (commonly known as "session variables"). Data stored in such a "variable" will remain available as long as the session exists. If the session times out, or if the AppDomain restarts, or if the cookie becomes unavailable, then the session "variable" will contain null. Code using session state must be prepared for this:
bad code:
string user = Session["User"];
int length = user.Length; // NullReferenceException if session was expired
better code:
string user = Session["User"];
if (user == null) {
// Do without the user information
} else {
int length = user.Length; // User information is available
}
John Saunders
- 160,644
- 26
- 247
- 397
Black Frog
- 11,595
- 1
- 35
- 66
-
-1: the quote is accurate, but your explanation doesn't match the quote. – John Saunders Mar 29 '14 at 18:13
-
No, it has nothing to do with connections – John Saunders Mar 29 '14 at 18:15
-
But what if the page doesn't even access the `Session` object. Will a session be created anyway? It's about the cookie that goes out to the browser. I think it doesn't have to be there if the application won't make use of it. – ygoe May 24 '14 at 20:12
-
I have a doubt , Lets say, I just created a `AboutUs` page in asp.net Mvc application which just returns a `View` , Will this create a new session for the request for the user or does Session is created using the code in our application like form authentication ? – Shaiju T May 18 '18 at 07:42
0
Session state data is shared across all the data forms but for the sing user global data.
Declaration For the session :
Session["Key"] = "value";
Session data are stored on the server side.
Session state variables are declared when session times out.
By default time out for session is 20 minutes.
For Example :
**If you are using session & you are executing the first session web form & suppose you have navigated your page from web-form 1 to web-form 2.
Then Session output will be the same.
If suppose your o/p for web-form 1 is "2".
Then if you have closed the browser & copy and paste the same URL to another browser.
then you will notice that o/p will be the same Because In your URL session ID is present.
there for it will have the same o/p.
This is very Important to understand about session if you want to use the session in your application.**
ie session data session state data shared across all the web-form but only fr single user.
For every session Unique session ID is generated.
But is you have changed your session then new session ID is generated meaning it is only for single user.
Hardik Parmar
- 1,053
- 3
- 15
- 39
-
I understood that a Unique SessionID is created for an application when the first request goes to server , and that maps as a unique identity for a user and his respective session objects if any . Let me know if any correction on my understanding. Thanks for all responses. – Shekar Mar 30 '14 at 14:45
-
Yes you are absolutely right, Shekar. But One thing to keep in mind is that if you want some data from one webpage to another webpage then It is very useful. – Hardik Parmar Mar 30 '14 at 14:51