0

Anyway, my main concern is using Session. I've always been under the impression that if you use the following statements (not that I would):

Session["newVar1"] = "a new session variable";
Session["newVar2"] = "a new session variable";
Session["newVar3"] = aLargeVariableThatHoldsLotsOfData;

You would be creating 3 new session cookies that hold the particular value. But I think my asp book is indicating that you would actually create 3 new variables in your session state object and ASP would only pass a unique Session ID (as a cookie?) in the response, and would get this ID upon the next request and associate that ID with your Session State Object (that IIS has stored in memory..?):

...it creates a session state object that contains a unique session ID for each user's session. This ID is passed back to the browser as part of the response and then returned to the server with the next request. ASP.NET can then use the session ID to get the session state object that's associated with the request.

That doesn't seem ideal for a website with lots of traffic. A server that is storing and maintaining thousands and thousands of instances of session state per website seems like way too much overload.
I'm trying to see what's going on on my own, but I'm having trouble.. I can't find my site's cookies anywhere on my machine (IE/windows xp). I've checked C:\Documents and Settings\nicholasr\Cookies\ and C:\Documents and Settings\nicholasr\Local Settings\Temporary Internet Files which, according to this yahoo answer, IE cookies are stored as well. I'm using ticket authentication in my app which stores a auth cookie on the client, so a cookie from my site has to be somewhere..
I guess I'm asking:
1) If someone can help me understand how Session State works behind the scenes
2) Where is IE storing my site's cookies? ><

Nick Rolando
  • 25,879
  • 13
  • 79
  • 119

1 Answers1

4

There is a single session cookie which represents a GUID. The session values itself are stored on the server. So when you write:

Session["newVar1"] = "a new session variable";
Session["newVar2"] = "a new session variable";
Session["newVar3"] = aLargeVariableThatHoldsLotsOfData;

an HTTP cookie that might look like this is sent to the client. This cookie contains only an id, not the actual values. The actual values could be stored either in the server memory, a separate process, or even SQL Server depending on the <sessionState mode="" in web.config. Then when later the client sends another request it will send this cookie id to the server and given id the server will fetch the actual values.

The client browser stores those cookies in memory, meaning that if you close it, the session will be lost because session cookies are not persistent.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • Thx Darin. Do you know where I can find this cookie? windows xp/IE7 – Nick Rolando Mar 29 '11 at 18:44
  • @Nicklamort, you can't find it. It's in the memory of the browser and sent with each request. Never stored anywhere. You could use an HTTP analyzer like Fiddler or FireBug in FireFox to see how this value is appended to each request. – Darin Dimitrov Mar 29 '11 at 18:45
  • @Darin Oh snap.. I suppose its the same for my auth cookie too. thank you very much! big help :) – Nick Rolando Mar 29 '11 at 18:47
  • @Nicklamort, authentication cookies are different. You could make them persistent i.e. stored in a file so that they survive browser restart. When emitting the cookie with [FormsAuthentication.SetAuthCookie](http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie.aspx), the second argument allows you to specify this behavior. – Darin Dimitrov Mar 29 '11 at 18:48
  • @Darin I see. My auth cookie is non-perisistant, so that would explain it. This answer was useful to me as well: http://stackoverflow.com/questions/3037582/where-does-ie-store-the-asp-net-sessionid-cookie – Nick Rolando Mar 29 '11 at 18:57
  • @Nicklamort, you are welcome, I am glad I could shed some light. Please mark this answer as accepted if it helped you solve the issue you were having. Thanks. – Darin Dimitrov Mar 29 '11 at 18:58