ASP.NET Session State enables
us to store and retrieve user information as user navigates from one page to
another. User information is stored in server memory for limited period of
time, and information of each client is stored separately. By default Session
state is enabled for all Asp.Net application.
user is idle for limited period of time then Session for that user will expire. By default the timeout period of
session state is 30 minutes, but if we need we can change the timeout period
variables are stored in a SessionStateItemCollection object
that is exposed through the HttpContextSession() property. The collection of
session variables can be indexed by the name of variable or number index.
Session["FirstName"] = FirstNameTextBox.Text;
Session["LastName"] = LastNameTextBox.Text;
// When retrieving an object from session state, cast it to
// the appropriate type.
ArrayList stockPicks = (ArrayList)Session["StockPicks"];
// Write the modified stock picks list back to session state.
Session["StockPicks"] = stockPicks;
are identified by a unique identifier which can be read by using SessionID() property of Session. If session
is enabled for ASP.Net, each time request for a page is sent form user session
id is examined. If session id is not supplied then new session id for that
request is created and is sent to the browser with response.
default session id is stored in cookies but we can also store it in URL for cookieless session.
A session is considered active as long as requests continue to be made with the
value. If the time between requests for a particular session exceeds the
specified time-out value in minutes, the session is considered expired.
Requests made with an expired SessionID()
value result in a new session
default, the SessionID()
value is stored in a non-expiring session cookie in the browser. However, it
can be specified that session identifiers should not be stored in a cookie by
setting the cookieless attribute to true in the sessionState section of the Web.config file.
Web.config file that configures cookieless session
maintains cookieless session
state by automatically inserting a unique session ID into the page's URL.
unique session id is “lit3py55t21z5v55vlm25s55” which is added to the URL.
session state supports several storage options for session variables. Each
option is identified as a session-state Mode() type. The default behavior
is to store session variables in the memory space of the ASP.NET worker
process. However, we can also specify that session state should be stored in a
separate process, in a SQL Server database, or in a custom data source. If we
do not want session state enabled for your application, you can set the session
mode to Off().
following list describes the available session state modes:
- InProc mode, which stores session state in memory on the Web
server. This is the default.
- StateServer mode, which stores session state in a separate
process called the ASP.NET state service. This ensures that session state is
preserved if the Web application is restarted and also makes session state
available to multiple Web servers in a Web farm.
- SQLServer mode stores session state in a SQL Server
database. This ensures that session state is preserved if the Web application
is restarted and also makes session state available to multiple Web servers in
a Web farm.
- Custom mode, which enables you to specify a custom storage
- Off mode, this disables session state.
provides two events, Session_OnStart and Session_OnEnd.
The Session_OnStart event
is raised when a new session starts, and the Session_OnEnd event is raised
when a session is abandoned or expires. Session events are specified in the Global.asax file
for an ASP.NET application.
Session_OnEnd is only supported in InProc mode, so inorder to
use Session_OnEnd session
mode should be set to InProc mode.