Provides access to session-state values as well as session-level settings and lifetime management methods.
See Also: HttpSessionState Members
ASP.NET provides session-state management to enable you to store information associated with a unique browser session across multiple requests. You can store a collection of values referenced by a key name or by numerical index. Access to session values and functionality is available using the System.Web.SessionState.HttpSessionState class, which is accessible through the System.Web.HttpContext.Session property of the current System.Web.HttpContext, or the System.Web.UI.Page.Session property of the System.Web.UI.Page.
Session data is associated with a specific browser session using a unique identifier. By default, this identifier is stored in a non-expiring session cookie in the browser, but you can also configure your application to store the session identifier in the URL by setting the cookieless attribute to true or System.Web.HttpCookieMode.UseUri in the sessionState element of your application configuration. You can have ASP.NET determine whether cookies are supported by the browser by specifying a value of System.Web.HttpCookieMode.UseDeviceProfile for the cookieless attribute. You can also have ASP.NET determine whether cookies are enabled for the browser by specifying a value of System.Web.HttpCookieMode.AutoDetect for the cookieless attribute. If cookies are supported when System.Web.HttpCookieMode.UseDeviceProfile is specified, or enabled when System.Web.HttpCookieMode.AutoDetect is specified, then the session identifier will be stored in a cookie; otherwise the session identifier will be stored in the URL.
Sessions are started during the first request, and session values persist as long as the browser makes a new request before the number of minutes specified in the HttpSessionState.Timeout property has passed. When a new session begins, the SessionStateModule.Start event is raised. You can use this event to perform any additional work at the start of a session, such as setting default session values. When a session times out, when the HttpSessionState.Abandon method is called, or when the ASP.NET application is shut down, the SessionStateModule.End event is raised. You can use this event to perform any necessary cleanup. The SessionStateModule.End event is raised only when the session state mode is set to SessionStateMode.InProc.
To improve performance, sessions that use cookies do not allocate session storage until data is actually stored in the System.Web.UI.Page.Session object. For more information, see the HttpSessionState.SessionID property.
Session state does not persist across ASP.NET application boundaries. If a browser navigates to another application, the session information is not available to the new application.
Session values are stored in memory on the Web server, by default. You can also store session values in a SQL Server database, an ASP.NET state server, or a custom server. This enables you to preserve session values in cases where the ASP.NET or IIS process or the ASP.NET application restarts and to make session values available across all the servers in a Web farm. This behavior is configured by setting the mode attribute to a valid System.Web.SessionState.SessionStateMode value in the sessionState element of your application configuration. For more information, see Session State Modes.
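The cookieless and mode attributes described above, together with the time-out that surfaces as HttpSessionState.Timeout, are all set on the sessionState element; the following Web.config fragment is an added example, not part of the original documentation. It keeps the session identifier in a cookie, because an identifier carried in the URL can end up in browser history, server logs, and Referer headers. The state server host name is a placeholder.

```xml
<!-- Added example (constructed): Web.config fragment for the sessionState element. -->
<configuration>
  <system.web>
    <!--
      cookieless="UseCookies": always keep the session identifier in a cookie,
        never in the URL. The other values discussed on this page are UseUri
        (or "true"), UseDeviceProfile and AutoDetect; the last two fall back
        to the URL when cookies are not supported or not enabled.
      timeout: minutes without a new request before the session expires;
        read at run time through HttpSessionState.Timeout.
      mode="InProc": values are held in memory on the Web server. This is the
        only mode in which the SessionStateModule.End event is raised, and
        values are lost when the process or application restarts.
    -->
    <sessionState mode="InProc" cookieless="UseCookies" timeout="20" />

    <!--
      Alternative for a Web farm (only one sessionState element may be active):
      an ASP.NET state server, so values survive a restart of the application
      and are visible to every server. The host name below is a placeholder.

    <sessionState mode="StateServer"
                  stateConnectionString="tcpip=STATE-SERVER-PLACEHOLDER:42424"
                  cookieless="UseCookies"
                  timeout="20" />
    -->
  </system.web>
</configuration>
```

Cleanup code that relies on the SessionStateModule.End event stops running after a switch from InProc to StateServer, so move that logic elsewhere before changing the mode.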
Alternatives to session state include application state (see the System.Web.HttpApplication.Application property) and the ASP.NET cache (see the System.Web.Caching namespace), which store variables that can be accessed by all users of an ASP.NET application; the ASP.NET profile (see the System.Web.Profile namespace), which persists user values in a data store without expiring them using a time-out; ASP.NET System.Web.UI.WebControls, which persist control values in the System.Web.UI.Control.ViewState; System.Web.HttpResponse.Cookies; the System.Web.HttpRequest.QueryString property; and fields on an HTML form that are available from an HTTP POST using the System.Web.HttpRequest.Form collection. For more details on the differences between session state and other state-management alternatives, see ASP.NET State-Management Recommendations.