31

Please any one suggest me how the session is actually work in asp.net? I am confuse in part of session and want to briefly knowledge of it so please guide me

Pratik
  • 11,534
  • 22
  • 69
  • 99
coolbudy
  • 311
  • 1
  • 3
  • 3
  • 2
    Try to read this CodeProject article http://www.codeproject.com/Articles/32545/Exploring-Session-in-ASP-Net – kfuglsang Sep 04 '11 at 11:47

2 Answers2

54

ASP.NET uses a cookie to track users. When you try to write something to the session for the first time a cookie is sent to the client, something like ASP.NET_SessionId. This cookie is sent by the client on subsequent requests. Thanks to this cookie the server is able to identify the client and write/read the associated session data. It is important to note that this cookie is not persistent (wouldn't survive browser restarts) and is emitted with the HttpOnly flag meaning that client scripts cannot access it.

In addition to cookies you could also configure ASP.NET to use hidden fields or append the session id to the query string on each request.

So the base idea behind session is that the actual data is stored somewhere on the server and the client sends some ID on each request so that the server can know where to find its data.

By default there are 3 places where the actual session data can be stored:

  • In-Proc: the session is stored into the memory of the application (fastest but if you have multiple servers in a server farm this won't work)
  • Out-of-Proc: the data is stored into a separate server which has the State service installed (the data is stored in the memory of a separate machine meaning that multiple web servers can work in a web farm)
  • SqlServer: the data is stored in SQL Server (it's the slowest but most reliable as the session data is stored in a SQL Server database and could servive if the Session server crashes which is not the case with Out-Of-Proc)
  • Custom implementation: thanks to the extensibility of ASP.NET you could write your own session provider and store the data wherever you like.

Here's a good article on MSDN which explores the ASP.NET Session State.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • I have a doubt , Lets say, I just created a `AboutUs` page in asp.net Mvc application which just returns a `View` , Will this create a new session for the request for the user or does Session is created using the code in our application like form authentication ? – Shaiju T May 18 '18 at 07:45
4

Session: [Stored on Server side]

1.If you create the session means,the server stores your session data and creates one SessionID . [Session Data with SessionID stored in State Provider in Server]

2.Then the server Returns the SessionID to the client's browser.

3.Then you can store the returned SessionID in Cookie.

4.Upcoming Subsequent request attached with SessionID can access the Server Data.

Note: Session only for current browser Session and user specific.

Vicky
  • 819
  • 2
  • 13
  • 30