When we add a variable to ASP.NET Session, where are those variables actually stored on the client side?
+8
A:
If your using the default session is asp.net then it is stored in memory inside the asp.net worker process. It is a server side cache, nothing at all to do with the client. There are other session store options available such as dedicated session state machine or sql server. You can also roll your own session provider.
All explained here http://msdn.microsoft.com/en-us/library/ms972429.aspx
redsquare
2008-10-23 10:22:47
+2
A:
The session is stored on the web server and not the client. ASP.NET usually stores a key to the session in a cookie and uses this to identify your session next time you contact the web server.
Joel Cunningham
2008-10-23 10:25:54
+2
A:
The client is given a cookie to identify it (ASP.NET_SessionId) but all the values are stored on the server.
If you use Firebug or Fiddler you can see this being set. You can see what the value is by using Session.SessionID.ToString()
As redsquare suggests the default configuration is to store all the values in the memory of the server (one reason to limit what you store in session) but you can also store it in sql server, state server or your own provider if you wish,
If you alter the value in the identifying cooking then it will alter who the server thinks you are when it comes to returning session variables. We use this feature to help us debug what is in users sessions.
I think also the identifying session cookie has a property called something like HttpReadOnly set so it cannot be read from javascript for security reasons.
alexmac
2008-10-23 10:35:23