Chapter 33. The System.Web.SessionState Namespace
The System.Web.SessionState namespace provides the types used for session state management, which stores information that is specific to one session or client. Each user accessing an ASP.NET application has a separate session state collection. Session state is ideal for sensitive data (like credit card numbers and mailing addresses) because it is stored exclusively on the server. It is also well suited for complex data (like recordsets, .NET class instances, or COM objects) that cannot be easily serialized to a client-side cookie.

To support session state, each active ASP.NET session is identified and tracked with a unique 120-bit session ID string. Session ID values are created and managed automatically by the ASP.NET framework by using an algorithm that guarantees uniqueness and randomness so that they can’t be regenerated by a malicious user. When a client requests an ASP.NET page, the appropriate ID is transmitted from the client by a cookie or a modified (“munged”) URL. ASP.NET worker processes then retrieve the serialized data from the state server as a binary stream, convert it into live objects, and place these objects into the HttpSessionState class’s key/value collection. This class is the core of the System.Web.SessionState namespace. Most other classes in this namespace are used transparently by the ASP.NET framework, except the IReadOnlySessionState and IRequiresSessionState interfaces, which allow custom System.Web.IHttpHandler ...
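
The two marker interfaces named above, applied to custom handlers. This is an added example, not code from the book; the class names, the "card" form field and the "CardNumber" session key are hypothetical. It shows the sensitive value staying in server-side session state while the client holds only the session ID.

```csharp
using System;
using System.Web;
using System.Web.SessionState;

// Read/write session access. IRequiresSessionState has no members;
// implementing it only tells ASP.NET to attach session state to the request.
public class StoreCardHandler : IHttpHandler, IRequiresSessionState
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        string card = context.Request.Form["card"];   // hypothetical field name
        if (!CardFormat.IsPlausible(card))
        {
            context.Response.StatusCode = 400;         // reject malformed input
            return;
        }
        // Stored on the server only; never written to a cookie or the URL.
        context.Session["CardNumber"] = card;
        context.Response.Write("stored");
    }
}

// Read-only session access: the handler can read values but its changes
// are not saved back to the session store.
public class ShowCardHandler : IHttpHandler, IReadOnlySessionState
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // Session is null if session state is disabled for the application.
        HttpSessionState session = context.Session;
        string card = (session == null) ? null : session["CardNumber"] as string;
        context.Response.ContentType = "text/plain";
        if (card == null) { context.Response.Write("no card on file"); return; }
        // Return only the last four digits; the full number stays server-side.
        context.Response.Write("card ending in " + card.Substring(card.Length - 4));
    }
}

static class CardFormat
{
    // Minimal shape check (digits only, 12 to 19 long); not a Luhn validation.
    public static bool IsPlausible(string s)
    {
        if (s == null || s.Length < 12 || s.Length > 19) return false;
        foreach (char c in s) { if (c < '0' || c > '9') return false; }
        return true;
    }
}
```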