Software Technology Tips

The Session state in any web technology depend on cookie at the client end to store and resend session id back and forth between client browser and web server.
But Asp.net also supports cookieless sessions with the following attribute addition in the web.config within system.web node.
 
 
 
With the above config setting, it carry the session id in the page url instead of cookie.
 
Please take a look at the following two page's Page_Load method code before we run them in both normal and cookie less mode.
 
Default.aspx
    protected void Page_Load(object sender, EventArgs e)
    {
        Session.Add("CurrentClient", "Machine A");
        Response.Redirect("ShowSession.aspx");
    }
 
ShowSession.aspx (with a label lblShowCurrentClient )
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["CurrentClient"] != null)
        {
            lblCurrentClient.Text = "You are accessing it from " + Session["CurrentClient"].ToString();
        }
        else
        {
            lblCurrentClient.Text = "You are directly accessing this page, so no session created.";
        }

    }

In normal session mode,
Lets access the default page with the URL http://a.b.c.d/CookieLessSession/Default.aspx from a client (Say Machine A).
--- It will create the session and will redirect to http://a.b.c.d/CookieLessSession/ShowSession.aspx . The ShowSession.aspx page will show "You are accessing it from Machine A".
--- If you directly access the ShowSession.aspx url from any other machine/ browser instance, then it will show "You are directly accessing this page, so no session created. "
 
After you do the web.config change to use cookieless session mode,
If you access the default page http://a.b.c.d/CookieLessSession/Default.aspx from machine A,
--- It will create the session and will redirect ShowSession.aspx page, but with a little different URL like the following.
        http://a.b.c.d/CookieLessSession/(S(5gnky055noa2vfnmdnspjgav))/ShowSession.aspx . The ShowSession.aspx page will show "You are accessing it from Machine A".
--- Here the /(S(5gnky055noa2vfnmdnspjgav))/ part of the URL carry the session id. 
 
FAQ: Now the session is cookie independent. So what will happen if some one visit the ShowSession.aspx page with the above URL (along with session id) from another machine, say Machine B?
A: Till the session out time reached, if some one from 'Machine B' access the page with same session id (created by 'Machine A') in the URL, he/she will see the session created using Machine A.
 
Directly accessing http://a.b.c.d/CookieLessSession/(S(5gnky055noa2vfnmdnspjgav))/ShowSession.aspx from Machine B will show:
"You are accessing it from Machine A"
 
Assuming the site hosted as http://a.b.c.d/CookieLessSession :


Related Tags:

ASP.NET

Author: Sumit Dhal

ASP.NET

Let us Connect!

iso 9001 QA25 Red Herring STPI D&B Fastest Growing SME 2013 Award zinnov Nasscom

This site uses cookies. We respect your privacy.copyright (c) Mindfire Solutions 2007-2015. Login