SessionCookies n asp.net - asp.net

I am new to ASP.Net i dont understand the concept of sessioncookies
What is a sessioncookie,what are the advantages of sessioncookie
whats is sessioncookie is all about,
how to create a sessioncookie,
how to retreive values from sessioncookies,
how to store values in sessioncookies.
i searched in net but i dont get clear idea about the sessioncookie concept can anyone pls clarify whats is sessioncookies and its concepts and provide some code samples if possible.
Thanks

You can use the ASP.NET Session State to store information over multiple page requests. On MSDN, there's a nice introduction to the topic:
ASP.NET Session State Overview
The session cookie is used to associate the user's browser session with the session state object of ASP.NET. It's basically a implementation detail that you (usually) don't need to worry about: Use the Session object and let ASP.NET worry about setting/retrieving and managing the associated cookie.

Take a look at this:
http://www.codeproject.com/KB/aspnet/ExploringSession.aspx

Related

ASP.NET Session Management With Variables

Ran into a stupid problem...
So right now I implement Application_Start to load up the hash tables, which works fine. Next in Session_Start I parse a user's cookie to retrieve his name, which, again, works fine. The problem happens when I store his username in a variable in Global.asax.cs. I didn't really realize that this is a variable shared among all processes/threads. So I guess my question is how do you parse a user's cookie one time and then save the data for sure elsewhere in the process/thread.
You can store cookies in session and use it later. You can store any object in session collection and retrieve it later before it expires. You can read more over here
Assigning to session
Session["anyName"] = "value";
Retrieving from session object
string str = Session["anyName"].ToString();
That's exactly what the ASP.NET session is meant for. Store this information there. It will be only specific to the current user and not shared among all users.
By the way you might also want to checkout Forms Authentication in ASP.NET, just to make sure that you don't reinvent some wheels.
Can't you just use Session?
Session["username"] = username;
var username = Session["username"];
Session is definitely the way I would go. Having HUGE amounts of data in Session could potentially lead to performance problems, but only storing small strings for each user shouldn't matter at all.

Share session (asp->asp.net) security

I need to share session in order to pass data from asp page to aspx. The solutions I've found:
• Pass data through hidden form (link)
• Pass data through database (link)
I've tried method with form and it worked fine (after some modification). Now I'm trying method with database. First method is easier imho, so I wonder if the second method is more secure (and preferable) than the first one?
And what potential problems exist with these methods?
The first solution is definitely less secure since you're sending session data to the client and then receiving it back. That means that it's possible for someone on the client side to modify the data they post back to your page. This removes one of the best things about sessions, that only the programmer controls what's in them. In a way, the first method is similar to using cookies. As for the second method, it may be more difficult but I would definitely recommend it over the first.
If the session is encrypted I think you will fine. ASP.NET has the option of storing the session in a database and URL querystring to get around users not having cookies enabled. Your solutions sound similiar.
Microsoft outlines a method to share session state between ASP classic and ASP.NET using SQL Server to store the session here: http://msdn.microsoft.com/en-us/library/aa479313.aspx

How to get Session Data with out having HttpContext.Current, by SessionID

I am searching to find a way to read and write on session data but with out having the HttpContext. Current.
Why I won to do that ? because I wish to make some action with the user Session after the page have been close and unloaded.
For example, a user load and see a page, then I create a thread to make some action and let user go. Inside this thread I like to read the session data, but in this case HttpContext . Current is not exist any more.
So is there a way to read Session Data knowing just the session id.
I store my session inside an SQL server, and I see them. its there on table ASPStateTempSessions :)
How can I read them "offline" and manipulate them ?
Thank you in advanced.,
Still not quite clear why you might want to do that but you might not actually need to do it on Session_End(). At that point, it may be too late for you to work with the session data anyway (I've read some articles before about this). What might be a better solution is to actually attempt to work on the session data when your application actually has the context.
For example:
There's nothing to stop your application creating an asynchronous request on a new thread in the background (or even a different application, such as a Windows Service, for instance) when the specific session variable that you want is updated or has been set. This way, your application will be able to access the current HttpContext as well as all of the session data.
Not sure if this helps, but it was worth a shot ;)
Richard.
I may be a little late but...
Today I found about the:
System.Web.HttpRuntime.Cache
I know is not the same that a session but I think it's much better alternative that db.
Regards.

ASP.NET mixed windows/forms authentication problem with session objects

Weird problem here, we're running a few mixed environment web applications, that use Windows or Forms authentication depending on where the user comes from.
I'm curious how everyone else might be handling expired sessions to avoid the errors you would get from someone leaving an idle session open for too long and then trying to resume work, mainly looking for best practices on the subject.
Any suggestions or opinions would be greatly appreciated.
Thanks,
I'm not sure how your authentication method affects session timeouts, the mechanism they use to get in shouldn't affect how long they can stay in.
Generally speaking, if someone does have an expired session, you can add code to check to see if their session is active. If it isn't, just redirect them to a login page, or display some other friendly text.
Basically something like:
if (Session.IsNewSession)
Response.Redirect("login.aspx");
Don't store unnecessary information on the session.
If you are storing something you can reload, have the appropriate code that will reload it if it wasn't found in the session
Consider if some processes are meant to be handled in long periods of time, in which case save intermediate info to the database.
If the user is doing a process that uses the session, and the data is missing, take them to step 1 (not much you can do about it, if you don't have the info elsewhere).

How do I get user informations from a session id in ASP.NET?

In an asp.net application, i would like to use a webservice to return the username associated with the session id passed as a parameter. We're currently using InProc session store.
Is it possible to do this ?
Edit: what i'm trying to do is get information about another session than the current one. I'm not trying to get the SessionID, i've already got it. I'm trying to get the user information associated with a given SessionID.
Thanks,
Mathieu G.
You could possibly create a "fake"cookie with the session ID and make a request to your web service using it, so that the web service was fooled into thinking you were part of the session, enabling you to read any info from it. Sounds like quite the hack, though :)
Something like:
HttpSessionState ss = HttpContext.Current.Session;
HttpContext.Current.Response.Write(ss.SessionID);
That will get the current sessionID.

Resources