Last post Oct 30, 2014 02:31 PM by PatriceSc
Oct 29, 2014 12:22 AM|waqasAli786|LINK
Is there any sessions in asp.net c# like PHP.I mean which is not store session-id in client machine and also session id not show in URL like cookie less session.I dont want to use cookie less session in my application.I want sessions like PHP which is not
store session id in client machine and also not show session id in URL is there any way?
Oct 29, 2014 01:41 AM|raju dasa|LINK
I want sessions like PHP which is not store session id in client machine and also not show session id in URL is there any way?
Are u sure PHP offers detecting a user without session Id from client request?
can u post a link which says so, because just seen "sessions in PHP" which uses Id (user key):
Oct 29, 2014 09:53 PM|Kevin Shen - MSFT|LINK
SessionID values are sent in clear text, whether as a cookie or as part of the URL. A malicious user could get access to the session of another user by obtaining the
SessionID value and including it in requests to the server.
If you are storing sensitive information in session state, it is recommended that you use SSL to encrypt any communication between the browser and server that includes the
In asp.net , the SessionID value is stored in a non-expiring session cookie in the browser. However, you can specify that
session identifiers should not be stored in a cookie by setting the cookieless attribute to
true in the
sessionState section of the Web.config file.
For more information about how to use session in asp.net ,please refer to the link below:
Oct 29, 2014 10:15 PM|Rion Williams|LINK
I'm assuming that you are referring to User Sessions and not the actual SessionState (e.g. using the Session as a form of storage at the user-level).
There are multiple approaches for handling Sessions within ASP.NET that I am sure you would find would be comparable to any PHP-related approaches. Generally, Forms Authentication (using Cookies) is going to be the most popular which will store
a cookie on the user's browser for the duration of their Session (it will not appear within the URL). Cookieless sessions however will generally store an authentication token within the URL and pass it along during the Session.
You could actually use the other form of Session that I previously mentioned (the SessionState) and store a value that will be stored solely on the server (and will not be able to be accessed through the client nor will it be stored in the URL).
The only issue with this approach is that the Session is extremely volatile and various processes can erase it (forcing the user to reauthenticate) such as IIS / Web Server restarts, major exceptions, etc :
// When the user "logs-in", store their information in the Session
Session["User"] = yourUserName;
So whenever you needed to access the value, you could just access it via the Session or check if the value exists to determine if a user is authenticated within each of your areas.
Oct 30, 2014 02:31 PM|PatriceSc|LINK
I don't see how PHP could find out the correct session for the HTTP request if this information doesn't come from the client side. Are you 100% sure it has some magic mechanism to do do? Keep in mind that regardless of the server side technology you have
to deal with how the web works and that all clients are equal...
Edit; according to http://php.net/manual/en/session.idpassing.php it seems to work the same way that is either by passing the sesson id as part of the url or as a cookie...