locked
What is the difference between the ASP.NET Session and browser Session RRS feed

  • Question

  • User430178104 posted

    Hi,

    Is there any difference between the ASP.NET Session (HttpSessionStateBase) and browser session (default session id between the browser and IIS).

    Tuesday, March 10, 2015 6:26 AM

Answers

  • User1644755831 posted

    Hi pathipati,

    Web is stateless, which means a new instance of a web page class is re-created each time the page is posted to the server.  As we all know, HTTP is a stateless protocol, it can't hold client information on a page. If the user inserts some information and move to the next page,  that data will be lost and the user would not be able to retrieve that information.  Session provides a facility to store information  on server memory. It can support any type of object to store along with our own custom objects. For every client, session data is stored separately,  which means session data is stored on a per client basis.

    ASP.NET uses an 120 bit identifier to track each session. This is secure enough and can't be reverse engineered. When a client communicates with a server, only the session ID  is transmitted between them. When the client requests for data, ASP.NET looks for the session ID and retrieves the corresponding data.

    Hope this clarifies what you want to know.

    With Regards,

    Krunal Parekh

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 10, 2015 10:04 PM

All replies

  • User-760709272 posted

    I don't really know what you mean by "browser session", but the answer is probably "yes".  The session state itself is held on the server and the session's id is held in a cookie on the client.  That cookie is sent with each request which lets IIS know which session is valid for that user.  HttpSessionBase is a base class that lets you create objects that act like the session.

    Tuesday, March 10, 2015 6:38 AM
  • User537870505 posted

    Both are same. Technically, browsers don't maintain any session per-se; it is the server (here, ASP.NET) that maintains sessions and identifies each session with a session ID. This is the session ID that is passed to the browser.

    Tuesday, March 10, 2015 9:29 AM
  • User1644755831 posted

    Hi pathipati,

    Web is stateless, which means a new instance of a web page class is re-created each time the page is posted to the server.  As we all know, HTTP is a stateless protocol, it can't hold client information on a page. If the user inserts some information and move to the next page,  that data will be lost and the user would not be able to retrieve that information.  Session provides a facility to store information  on server memory. It can support any type of object to store along with our own custom objects. For every client, session data is stored separately,  which means session data is stored on a per client basis.

    ASP.NET uses an 120 bit identifier to track each session. This is secure enough and can't be reverse engineered. When a client communicates with a server, only the session ID  is transmitted between them. When the client requests for data, ASP.NET looks for the session ID and retrieves the corresponding data.

    Hope this clarifies what you want to know.

    With Regards,

    Krunal Parekh

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 10, 2015 10:04 PM