开发者

Is session stored in client side or server side

I was wondering if HttpContext.Session uses cookies to store data. A work colleague told me that in a mobi site, phones generally do not have cookies and therefore you don't have ses开发者_StackOverflowsion. I always thought session is data that is stored on the server side and is not dependant on client side objects please explain if I am wrong.

I read this.


In ASP.NET; you have a Session cookie. This cookie is used to identify which session is yours; but doesn't actually contain the session information.

By default, ASP.NET will store session information in memory inside of the worker process (InProc), typically w3wp.exe. There are other modes for storing session, such as Out of Proc and a SQL Server.

ASP.NET by default uses a cookie; but can be configured to be "cookieless" if you really need it; which instead stores your Session ID in the URL itself. This typically has several disadvantages; such as maintence of links become difficult, people bookmarking URLs with expired session IDs (so you need to handle expired session IDs, etc). Most modern phones, even non-smart phones, support cookies. Older phones may not. Whether you need to support cookieless sessions is up to you.

If your URL looked like this:

http://www.example.com/page.aspx

A cookieless URL would look like this:

http://www.example.com/(S(lit3py55t21z5v55vlm25s55))/page.aspx

Where lit3py55t21z5v55vlm25s55 is a session ID.

You can learn more about ASP.NET's session state here


The session data is stored on the server, but it also stores an id string in a cookie to identify the user.

If cookies are not supported, the id string can't be stored, and the server can't pair the session when the user makes another request.

The session id is just a number generated by the server (either from a counter or randomly), so it doesn't contain any information from the data that you store in the session object.

(The application can also be configured to put the session in the URL instead of in a cookie. This enables you to use sessions without cookies, but it ruins your nice URLs.)


Nowadays it can be both.

Server Session

Server Side session already explained in the others posts. The session is stored on the server but it need a cookie to store an indicator of who is requesting the session value.

Client Session

The new concept of WebStorage defined by W3C shows how a client side session is nowasays needed. Here is the HTML5 implementation of a WebStorage: https://code.google.com/p/sessionstorage/


This is a tricky question in some ways, as it is a bit of both.

The session state, itself, is stored on the server. But, you need some type of indicator on the client to use it. Normally, this is a server cookie, which is very thin and is basically a GUID for the session and nothing more. But, you can set up sites to pass the session ID in the URI, so it need not be a cookie.

Not sure how phones deal with the session cookie concept, but since I can log in, and do not see IDs in URIs, I assume there is a mechanism, even if it does not handle user cookies.


Session id is by defauld stored as cookie. You can also configure your session to pass its id as a query parameter ("cookieless").

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜