Is there a cookie automatically placed on the user's machine? Or is it somehow associated with the requester's IP address? Or maybe in the ViewState? Elementary question, I know, but I've had a hard time finding an answer.
+1
A:
It's called ASP.NET_SessionId.
For a local app, mine's currently
ASP.NET_SessionId=kxt1dee1laeuq445pyzjvv55; path=/; domain=localhost; HttpOnly
You can make it use URLs, but it gets messy really quickly.
David Kemp
2008-11-20 17:12:17
+4
A:
In IIS, under ASP.NET's configuration there is a State Management Tab which has a setting called "Cookieless mode" which has the options of:
UseUri
UseCookies
AutoDetect
UseDeviceProfile
Typically, "Use Cookies" is selected and thus a cookie is used.
JB King
2008-11-20 17:14:14
A:
Here is an MSDN Overview article that describes the process and what options you have:
ASP.NET Session State Overview
In particular, note at the bottom that if your user's authenticate to access your site, you should do an Abandon of the session upon logout so that session states don't persist.
CMPalmer
2008-11-20 17:23:37