In ASP.NET, I’m a bit confused about role of cookies in session state.
Whats is the difference between normal session state and cookieless session state?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Normal session state involves providing a cookie. The cookie contains a session identifier which is used by the website to match visitors up with their respective session values.
Cookieless session state uses the same principles, but doesn’t use cookies to pass the session identifier around. Normally, this is passed as a parameter on the querystring.
e.g.
http://www.somewebsite.com/page.aspx?sid=jrkwojeqrojq3op349023231234r23rf2
Method 2
ASP.NET is able to modify relative links found within the page and embed the Session ID in the URLs instead of storing it in a cookie.
Thus, as long as the user follows the path of links the site provides, session state can be maintained without using cookies. However, if the end user re-writes the URL, the session state instance will most likely be lost.
Further reading:
Method 3
The cookie less session doesn’t use a cookie is user’s browser to store session state. Instead it stores the session either in the page itself or in the url. Read here for a comparison.
Method 4
cookieless means that the sessionId is munged into the url for each request as opposed to setting a cookie on the browser.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0