Session Management in ASP.Net
I am trying to use a widget which helps to create ajax calls towards the server and is linked with the web application which uses state service mode for restore session. I need to verify it while making ajax call that is state service checking the validity of user session. Can you provide some example of session management in asp.net?
Re: Session Management in ASP.Net
Session Management is fundamental to any web application. In the article we shall try to understand what goes on beneath the hood of HTTP headers for session management.
Session management in ASP.NET can be done in two ways:
Using Cookies
Encoding of URLs with Session ID
Let’s try to understand both these methods by analyzing the HTTP headers sent between the browser and Server.
Re: Session Management in ASP.Net
Let’s say the browser makes a request to a server. This is the first request from the browser to the server. For e.g. for a request: http://localhost/WebApplication1/WebForm1.aspx the HTTP request header sent by the browser would be as shown below:
Code:
GET /WebApplication1/WebForm1.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; .NET CLR 1.1.4322)
Host: localhost
Connection: Keep-Alive
Let’s try to understand this header information. The first line shows the type of HTTP request (GET/POST/HEAD) etc, followed by the URL of the resource. The second line declares the MIME type which the browser is capable of handling. The third and fourth lines show the default language and encoding. The fifth line contains information about the browser. This information may be used by the server to identify the browser from where the request is coming. The sixth line contains the address of the server to which the request is made. The seventh line indicates that the browser would keep the connection alive for future requests. The response sent back by the server would consist of an HTTP response header and response body. The response header would look something like this:
Code:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 07 Jan 2004 09:31:07 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=ll345q550ozqll45qithgi45; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 540
Re: Session Management in ASP.Net
For cookie-less Session handling we need to set the ‘cookieless’ attribute to ‘true’ in web.config.
Code:
<sessionState mode="InProc" cookieless="true" timeout="20" />
Now let’s make a request, for e.g. http://localhost/WebApplication1/WebForm1.aspx and have a look at the request header. Note: Open a new instance of the web browser, so that the old session ID is used. The request header is as shown below.
Code:
GET /WebApplication1/WebForm1.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; .NET CLR 1.1.4322)
Host: localhost
Connection: Keep-Alive
But it is very interesting to see what the browser returns. The response returned by the browser is as follows:
Code:
HTTP/1.1 302 Found
Server: Microsoft-IIS/5.0
Date: Wed, 07 Jan 2004 10:25:25 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /WebApplication1/(bcgmybvma1y45czof4me3sq4)/WebForm1.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 174
HTML Code:
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/WebApplication1/(bcgmybvma1y45czof4me3sq4)/WebForm1.aspx'>here</a>.</h2>
</body></html>
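Added example, not part of the original posts: a small Python check that reads a raw response header and reports whether the session ID travels in a Set-Cookie header or inside the redirect URL, and which of the HttpOnly and Secure flags the cookie lacks. The function names and the report layout are assumptions made for this example; the sample headers are constructed from the two responses quoted in the thread.

```python
import re
from http.cookies import SimpleCookie

# Constructed sample inputs: the two response headers quoted in the thread.
COOKIE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ASP.NET_SessionId=ll345q550ozqll45qithgi45; path=/\r\n"
    "Cache-Control: private\r\n"
)
COOKIELESS_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /WebApplication1/(bcgmybvma1y45czof4me3sq4)/WebForm1.aspx\r\n"
    "Cache-Control: private\r\n"
)

# Session ID embedded as a path segment: /(id)/ as in the thread; later
# ASP.NET versions wrap it as /(S(id))/, which this pattern also accepts.
URL_SESSION = re.compile(r"/\((?:S\()?([0-9a-z]+)\)+/", re.IGNORECASE)


def parse_headers(raw):
    """Return (status_code, [(lowercased name, value), ...])."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(lines[0].split()[1])
    pairs = [ln.split(":", 1) for ln in lines[1:] if ":" in ln]
    return status, [(n.strip().lower(), v.strip()) for n, v in pairs]


def session_transport(raw, cookie_name="ASP.NET_SessionId"):
    """Report how a response hands the session ID to the browser."""
    _, headers = parse_headers(raw)
    for name, value in headers:
        if name == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            if cookie_name in jar:
                morsel = jar[cookie_name]
                # Flags are empty strings unless the header set them.
                missing = [a for a in ("httponly", "secure") if not morsel[a]]
                return {"mode": "cookie", "id": morsel.value, "missing": missing}
        if name == "location":
            hit = URL_SESSION.search(value)
            if hit:
                return {"mode": "url", "id": hit.group(1), "missing": []}
    return {"mode": "none", "id": None, "missing": []}
```

A result with mode "url" means the ID is part of every address the browser requests, so it also appears wherever URLs are recorded or shared.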
Re: Session Management in ASP.Net
ASP.NET provides three modes of session state storage controlled by the mode attribute of the <sessionState> tag in your web application’s Web.config file. Below is a sample of this tag:
Code:
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20" />