ASP.NET - difference between browser session and asp.net session

Asked By anbu n on 18-May-11 02:42 AM
difference between browser session and asp.net session
Reena Jain replied to anbu n on 18-May-11 02:45 AM
hi,

Browser session is cookies stored at browser side and asp.net session is the session variables stored at server side.
  • The basic and main difference between cookie and session is that cookies are stored in the user's browser but sessions can't store in user's browser. This specifies which is best used for.
  • A cookie can keep all the information in the client's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie.
  • Sessions are not reliant on the user allowing a cookie. They work like a token in the browser which allowing access and passing information while the user has opened his browser. The problem in sessions is when you close the browser the session will automatically lost. So, if you had a site requiring a login, this couldn't be saved as a session but it can be saved as a cookie, and the user has to re-login every time they visit.
Hope this will help you
Ravi S replied to anbu n on 18-May-11 02:51 AM
HI

Browser session

The mechanism for recognizing multiple requests from the same browser is called a session. A session recognizes requests from the same browser. A session also supports the maintaining of a Web application state among multiple Web interactions within the same browser instance and with the Web server. The Web server does not recognize whether multiple requests originate from the same browser or not because the HTTP protocol is stateless.

Conceptually, a session can be thought of as an invisible "container" maintained by the WebSphere Application Server. It keeps track of the specific browser instance that communicates with the Web server. A separate session exists for every separate browser instance communicating to the Web server.


Asp.Net Session

ASP.NET Session state provides a place to store values that will persist across page requests.  Values stored in Session are stored on the server and will remain in memory until they are explicitly removed or until the Session expires. 
  • It helps to maintain user states and data to all over the application.
  • It can easily be implemented and we can store any kind of object. 
  • Stores every client data separately. 
  • Session is secure and transparent from user.
Jitendra Faye replied to anbu n on 18-May-11 05:12 AM

Asp.net session is maintained by Server means it is stored in server.

Browser maintain user session in client side, for this it uses cookie.
Riley K replied to anbu n on 18-May-11 05:16 AM
In ASP.Net each session is created with Unique ID at server, that is ASP.Net Sessions are maintained at server side

Where as Cookies they are stored at client side

A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie. The trouble is that a user can block cookies or delete them at any time. If, for example, your website's shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.

Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

Anoop S replied to anbu n on 18-May-11 06:10 AM
State Management in APS.NET is managed by two ways: Client-Side or Server-Side

Client-Side:Cookies,HiddenFields,ViewState and Query  Strings.
Serve-Side:Application,Session and Database.

COOKIE:
A cookie is a small amount of data stored either in a text  file on the client's file system or in-memory in the client  browser session. Cookies are mainly used for tracking data  settings. Let’s take an example: say we want to customize a  welcome web page, when the user request the default web  page, the application first to detect if the user has  logined before, we can retrieve the user informatin from
cookies:

if (Request.Cookies[“username”]!=null)
lbMessage.text=”Dear “+Request.Cookies[“username”].Value+”,
Welcome shopping here!”;
else
lbMessage.text=”Welcome shopping here!”;

If you want to store client’s information, you can use the  following code:

Response.Cookies[“username’].Value=username;

So next time when the user request the web page, you can  easily recongnize the user again.

SESSION:
Session object can be used for storing session-specific  information that needs to be maintained between server  round trips and between requests for pages. Session object is per-client basis, which means different clients generate different session object.The ideal data to store in session-state variables is short-lived, sensitive data that is
specific to an individual session.

Each active ASP.NET session is identified and tracked using a 120-bit SessionID string containing URL-legal ASCII characters. SessionID values are generated using an algorithm that guarantees uniqueness so that sessions do not collide, and SessionID’s randomness makes it harder to guess the session ID of an existing session. SessionIDs are communicated across client-server requests either by an HTTP cookie or a modified URL, depending on how you set the application's configuration settings.

Every web application must have a configuration file named web.config, it is a XML-Based file, there is a section name ‘sessionState’, the following is an example:

<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password=" cookieless="false" timeout="20" />

‘cookieless’ option can be ‘true’ or ‘false’. When it  is‘false’(default value), ASP.NET will use HTTP cookie to
identify users. When it is ‘true’, ASP.NET will randomly  generate a unique number and put it just right ahead of the requested file, this number is used to identify users
[c#]
//to store information
Session[“myname”]=”Mike”;
//to retrieve information
myname=Session[“myname”];
Anoop S replied to anbu n on 18-May-11 06:12 AM
Cookies
1.Cookies can store only "string" datatype
2.They are stored at Client side
3.Cookie is non-secure since stored in text format at client side
4.Cookies may or may not be individual for every client
5.Due to cookies network traffic will increase.Size of cookie is limited to 40 and number of cookies to be used is restricted to 20.
6.Only in few situations we can use cookies because of no security
7.We can disable cookies
8.Since the value is string there is no security
9.We have persistent and non-persistent cookies

Session
1.Session can store any type of data because the value is of datatype of "object"
2.These are stored at Server side
3.Session are secure because it is stored in binary format/encrypted form and it gets decrypted at server
4.Session is independent for every client i.e individual for every client
5.There is no limitation on size or number of sessions to be used in an application
6.For all conditions/situations we can use sessions
7.we cannot disable the sessions.Sessions can be used without cookies also(by disabling cookies)
8.The disadvantage of session is that it is a burden/overhead on server
9.Sessions are called as Non-Persistent cookies because its life time can be set manually
S replied to anbu n on 18-May-11 06:12 AM
he main difference between cookies and sessions is that cookies are stored in the user's browser, and sessions are not. This difference determines what each is best used for.

  • A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie.
  • The trouble is that a user can block cookies or delete them at any time. If, for example, your websites shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.
  • Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.


Read more: http://wiki.answers.com/Q/Difference_between_Cookies_and_Session_in_AspNet#ixzz1MhI57WP2