Last post Dec 04, 2014 02:25 AM by Summer - MSFT
Nov 27, 2014 12:02 PM|hom_rcp|LINK
here, IsReferenceMode determines whether the session should be stored in the session cookie or whether the session content should be stored on the server side, using the cookie to store just a reference.
But if I implemented a custom Server-side session token caching, and set the reference mode to false, which means the session is being saved
only in a cookie in the client side, the service is still being called to save and retrieve the SecuritySession!!!!.
Isn't strange? Is the session being saved in both server and client side in this case? If yes, where is it being read from exactly?
Nov 28, 2014 02:24 AM|Summer - MSFT|LINK
Welcome to the ASP.NET forum.
Is the session being saved in both server and client side in this case
In ASP.NET; you have a Session cookie. This cookie is used to identify which session is yours; but doesn't actually contain the session information.
By default, ASP.NET will store session information in memory inside of the worker process (InProc), typically w3wp.exe. There are other modes for storing session, such as Out of Proc and a SQL Server.
Further information please refer to the articles .
Nov 28, 2014 02:41 AM|hom_rcp|LINK
Thanks for the answer but I'm using SSO with a WIF STS. And from the link I shared, the SecurityToken is either stored in a cookie ( (FedAuth) ~8KB cookie with the bootstrap) or on the server and the cookie will be only a reference (~0.5 KB)
Dec 04, 2014 02:25 AM|Summer - MSFT|LINK
Maybe these articles could interest you and hoep it could useful for you.