Session State In ASP.NET

Session State is one of the important state management variable in Asp.Net. It’s working on server side. Advantage of session state is that once you store your data in session and access that data from anywhere in the application across multiple pages. Advantage of session state over cookies is that session can store any type of data as well as complete dataset whereas cookies can store only small amount of data.

When you use session then session create a cookie on browser that name is Asp.Net_SessionId to detect correct user to provide associate information across multiple pages. Session state store user information on Web server not on browser like cookies.

Create Session

A new session can be created by specifying session name in session variable. For example, in below code we are creating a new session that name is UserName. In this session, we are storing simply a string value programidea. You can store any type of object data in session state.

Read Session Value

Once you created session then, you can retrieve stored object in session from anywhere in the application. Use below code to retrieve your session data from any page in the application.

Session End

You can stop user session any time in the application. You have three option to stop user session.

1. Abandon - End user session in the application.

2. Remove - Remove a particular session in the application.

3. Clear - Clear all session object.

Control Session Timeout

When you are using session then session will expire after specific time. This time is known as session timeout. Default session timeout value is 20 minutes. But you can increase session timeout using session's TimeOut propery by declaring on page or in Web.Config.

Disable Session

If you want to disable session then you can disable session from page or from Web.Config.

On page directive use EnableSessionState to false.

In Web.Config file set session mode Off.

Session Property

Session state have following properties:

Demo:

Session Configuration

You can set all session properties in Web.Config

Session Mode

Session state stores session data in multiple location that depends on session mode. You should know about session mode, so that you can use appropriate mode to store session data. Session have followings modes:

Cookieless Session

Session state internally uses cookies to store user information. Asp.Net framework uses Asp.Net_SessionId cookies to identify user, so that specific user information associate with correct user.

Every browser providing cookies enable disable facilities. Suppose if any user disables their cookies on browser then session state does not work. In that condition you can take advantage of cookieless session that store user session Id in page url instead of cookies. So you session is working even if cookies is disabled from browser.

Its look likes below url:

For enable cookieless session, you have specify in Web.Config. Use cookieless attribute of sessionstate in Web.Config.

We suggest you that use autoDetect, because its add session Id in page url when cookies disabled on browser otherwise its uses cookies.

Here we demonstrating that how cookieless session is working when you disable cookies from browser. First we are using normal session and after that we will disable cookies from browser and see how cookieless session will work.

Demo:

Use regenerateExpiredSessionId for better security purpose.

Session Event

Session State have two events that raised in global.asax

1. Session_Start

2. Session_End

Session_Start fires after whenever a new session is starts in the application and Session_End fires after whenever session abandoned or expired.

We used Lock and UnLock application object because multiple user could potentially access the same item in the application state at the same time.