Adding a new item named session state that has value Hello
Session[“message”] = “Hello”;
When you use Session state, a session cookie named ASP.NET_SessionId is added to your browser automatically. This cookie contains a unique identifier. It is used to track you as
you move from page to page.
When you add items to the Session object, the items are stored on the web server and not
the web browser. The ASP.NET_SessionId cookie is used to associate the correct data with
the correct user.
By default, if cookies are disabled, Session state does not work. You don’t receive an error,
but items that you add to Session state aren’t available when you attempt to retrieve them
By default, the ASP.NET Framework assumes that a user has left the website when the user
has not requested a page for more than 20 minutes. At that point, any data stored in
Session state for the user is discarded.
The HttpSessionState class supports the following properties (this is not a complete list):
CookieMode—Enables you to specify whether cookieless sessions are enabled.
Count—Enables you to retrieve the number of items in Session state.
IsCookieless—Enables you to determine whether cookieless sessions are enabled.
IsNewSession—Enables you to determine whether a new user session was created with the current request.
IsReadOnly—Enables you to determine whether the Session state is read-only.
Keys—Enables you to retrieve a list of item names stored in Session state.
Mode—Enables you to determine the current Session state store provider. Possible values are Custom, InProc, Off, SqlServer, and StateServer.
SessionID—Enables you to retrieve the unique session identifier.
Timeout—Enables you to specify the amount of time in minutes before the web server assumes that the user has left and discards the session. The maximum value is 525,600 (1 year).
The HttpSessionState object also supports the following methods:
Abandon—Enables you to end a user session.
Clear—Enables you to clear all items from Session state.
Remove—Enables you to remove a particular item from Session state.
Handling Session Events
There are two events related to Session state that you can handle in the Global.asax file:
Session Start Event: is raised whenever a new user session begins
Session End Event: is raised when a session ends. A session comes to an end
when it times out because of user inactivity or when it is explicitly ended with the
Session.Abandon() method.
In code below The Global.asax file is used to track the number of active sessions.
Whenever a new session begins, the Session Start event is raised and the SessionCount
variable is incremented by one. When a session ends, the Session End event is raised and
the SessionCount variable is decremented by one.
<%@ Application Language=”C#” %>
<script runat=”server”>
void Application_Start(object sender, EventArgs e)
{
Application[“SessionCount”] = 0;
}
void Session_Start(object sender, EventArgs e)
{
Application.Lock();
int count = (int)Application[“SessionCount”];
Application[“SessionCount”] = count + 1;
Application.UnLock();
}
void Session_End(object sender, EventArgs e)
{
Application.Lock();
int count = (int)Application[“SessionCount”];
Application[“SessionCount”] = count - 1;
Application.UnLock();
}
</script>
The SessionCount variable is stored in the Application state, which contains items that are
shared among all users of a web application. Notice that the Application object is locked
before it is modified. You must lock and unlock the Application object because multiple
users could potentially access the same item in Application state at the same time.
Controlling When session State times out
You can specify the Session timeout in the web configuration file or you can set the
Session timeout programmatically
<system.web>
<sessionState timeout=”60” />
</system.web>
Using Cookieless Session State
You enable cookieless sessions by modifying the sessionState element in the web configuration file. The sessionState element includes a cookieless attribute that accepts the following values:
AutoDetect—The Session ID is stored in a cookie when a browser has cookies enabled. Otherwise, the cookie is added to the URL.
UseCookies—The Session ID is always stored in a cookie (the default value)
UseDeviceProfile—The Session ID is stored in a cookie when a browser supports cookies. Otherwise, the cookie is added to the URL.
UseUri—The Session ID is always added to the URL.
<system.web>
<sessionState cookieless=”AutoDetect” regenerateExpiredSessionId=”true” />
</system.web>
Note: When regenerateExpiredSessionId is enabled and a session times out, the Session ID in the URL is regenerated when a person requests the page.
