Thursday 5 April 2012

Difference between cookies and session in ASP.NET || Cookie in ASP.NET || Session in ASP.NET

State Management in APS.NET is managed by two ways:
Client-Side or Server-Side

Client-Side:Cookies,HiddenFields,ViewState and Query
Strings.
Serve-Side:Application,Session and Database.


COOKIE:
A cookie is a small amount of data stored either in a text file on the client's file system or in-memory in the client browser session. Cookies are mainly used for tracking data settings. Let’s take an example: say we want to customize a welcome web page, when the user request the default web
page, the application first to detect if the user has logined before, we can retrieve the user informatin from cookies:
[c#]
if (Request.Cookies[“username”]!=null)
lbMessage.text=”Dear “+Request.Cookies[“username”].Value+”,
Welcome shopping here!”;
        Else
lbMessage.text=”Welcome shopping here!”;
If you want to store client’s information, you can use the
following code:
[c#]
Response.Cookies[“username’].Value=username;
So next time when the user request the web page, you can easily recongnize the user again.

SESSION:
Session object can be used for storing session-specific information that needs to be maintained between server round trips and between requests for pages. Session object is per-client basis, which means different clients generate
different session object.The ideal data to store in session-state variables is short-lived, sensitive data that is specific to an individual session.

Each active ASP.NET session is identified and tracked using a 120-bit SessionID string containing URL-legal ASCII characters. SessionID values are generated using an algorithm that guarantees uniqueness so that sessions do
not collide, and SessionID’s randomness makes it harder to guess the session ID of an existing session. SessionIDs are communicated across client-server requests either by an HTTP cookie or a modified URL, depending on how you set the application's configuration settings.

Every web application must have a configuration file named web.config, it is a XML-Based file, there is a section name ‘sessionState’, the following is an example:

<sessionState mode="InProc"
        stateConnectionString = "tcpip=127.0.0.1:42424"
        sqlConnectionString = "data source=127.0.0.1;user"
id=sa;password=" cookieless="false" timeout="20" />

‘cookieless’ option can be ‘true’ or ‘false’. When it
is ‘false’(default value), ASP.NET will use HTTP cookie to
identify users. When it is ‘true’, ASP.NET will randomly
generate a unique number and put it just right ahead of the
requested file, this number is used to identify users
[c#]
  //to store information
Session[“myname”]=”Mike”;
//to retrieve information
myname=Session[“myname”];
this is briefly about cookies and sessions in ASP.NET


·          The main difference between cookies and sessions is that cookies are stored in the user's browser, and sessions are not. This difference determines what each is best used for.

·          A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie

·          Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

·          A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie.

·          The trouble is that a user can block cookies or delete them at any time. If, for example, your websites shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.

·          Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

3 comments:

  1. nice article.......Keep posting

    ReplyDelete
  2. Good explanation.. all your article are explained practically.. to be frank its very interesting to dive in through your blogs.. I have one question... How can we maintain session very effectively ??.. consider I have an application daily almost 1,000,00 users longing in.. in that case if we store values in session it will become over head I believe.. correct me if I am wrong. So how to over come these issues and to make effective coding ?

    ReplyDelete