Where is the SessionID stored?
-
I always thought the session ID was stored in a cookie on the client (when cookieless=false). To test this I wrote a very simple page to see if this was the case. I have one webpage which sets a session variable, and then I go to a second page which displays the contents of the session variable. This works as expected.
WebForm1.aspx.vb
Private Sub btnSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSave.Click
Session("UserName") = TextBox1.Text
End SubWebForm2.aspx.vb
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Response.Write("Your name is " & Session("UserName"))
End SubFor the test, I manually cleared the browser cache and cookies between the page requests to try and delete the session ID. However, the session variable still displayed correctly on the second page (indicating the session ID is maintained). In fact, the only way to clear the session was to close the browser. Where is the sessionID stored on the browser? – Or am overlooking something very obvious here? (At the moment I’m thinking it’s either in the viewstate, or in the HTML header somewhere, but I still can’t work out how the browser keeps track of what the session ID is or how the server 'knows' the same session is connecting) (Using VB/ASP.NET on framework v 1.0, and IE 6.0 on XP for testing) John[^]
-
I always thought the session ID was stored in a cookie on the client (when cookieless=false). To test this I wrote a very simple page to see if this was the case. I have one webpage which sets a session variable, and then I go to a second page which displays the contents of the session variable. This works as expected.
WebForm1.aspx.vb
Private Sub btnSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSave.Click
Session("UserName") = TextBox1.Text
End SubWebForm2.aspx.vb
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Response.Write("Your name is " & Session("UserName"))
End SubFor the test, I manually cleared the browser cache and cookies between the page requests to try and delete the session ID. However, the session variable still displayed correctly on the second page (indicating the session ID is maintained). In fact, the only way to clear the session was to close the browser. Where is the sessionID stored on the browser? – Or am overlooking something very obvious here? (At the moment I’m thinking it’s either in the viewstate, or in the HTML header somewhere, but I still can’t work out how the browser keeps track of what the session ID is or how the server 'knows' the same session is connecting) (Using VB/ASP.NET on framework v 1.0, and IE 6.0 on XP for testing) John[^]
There are two types of cookies - persistent and non-persistent. Persistent cookies are stored in files - clearing your cookie cache will remove persistent cookies. Non-persistent cookies are stored in memory and aren't removed when you clear the cache. Session cookies are non-persistent.
-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----
-
There are two types of cookies - persistent and non-persistent. Persistent cookies are stored in files - clearing your cookie cache will remove persistent cookies. Non-persistent cookies are stored in memory and aren't removed when you clear the cache. Session cookies are non-persistent.
-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----
-
There are two types of cookies - persistent and non-persistent. Persistent cookies are stored in files - clearing your cookie cache will remove persistent cookies. Non-persistent cookies are stored in memory and aren't removed when you clear the cache. Session cookies are non-persistent.
-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----
Heath Stewart wrote: There are two types of cookies - persistent and non-persistent. Persistent cookies are stored in files - clearing your cookie cache will remove persistent cookies. Non-persistent cookies are stored in memory and aren't removed when you clear the cache. Session cookies are non-persistent. Also, a) If you set "cookieless" to be true in your web.config file, then session id will be in the url so the code will work even if you disable cookies in your browser. b) If you transfer from the first page to the second using Server.Transfer, then the second page will be displayed without communicating to your browser so no cookie will be used in this case (I thought this is true, but didn't actually test it :-O ). Click here to see my articles and software tools
-
Lesson about persistent cookies learned, eh? :-D
-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----