Difference between cookies and session in ASP.NET || Cookie in ASP.NET || Session in ASP.NET

State Management in APS.NET is managed by two ways:

Client-Side or Server-Side

Client-Side:Cookies,HiddenFields,ViewState and Query

Strings.

Serve-Side:Application,Session and Database.

COOKIE:

A cookie is a small amount of data stored either in a text file on the client's file system or in-memory in the client browser session. Cookies are mainly used for tracking data settings. Let’s take an example: say we want to customize a welcome web page, when the user request the default web

page, the application first to detect if the user has logined before, we can retrieve the user informatin from cookies:

[c#]

if (Request.Cookies[“username”]!=null)

lbMessage.text=”Dear “+Request.Cookies[“username”].Value+”,

Welcome shopping here!”;

        Else

lbMessage.text=”Welcome shopping here!”;

If you want to store client’s information, you can use the

following code:

[c#]

Response.Cookies[“username’].Value=username;

So next time when the user request the web page, you can easily recongnize the user again.

SESSION:

Session object can be used for storing session-specific information that needs to be maintained between server round trips and between requests for pages. Session object is per-client basis, which means different clients generate

different session object.The ideal data to store in session-state variables is short-lived, sensitive data that is specific to an individual session.

Each active ASP.NET session is identified and tracked using a 120-bit SessionID string containing URL-legal ASCII characters. SessionID values are generated using an algorithm that guarantees uniqueness so that sessions do

not collide, and SessionID’s randomness makes it harder to guess the session ID of an existing session. SessionIDs are communicated across client-server requests either by an HTTP cookie or a modified URL, depending on how you set the application's configuration settings.

Every web application must have a configuration file named web.config, it is a XML-Based file, there is a section name ‘sessionState’, the following is an example:

<sessionState mode="InProc"

        stateConnectionString = "tcpip=127.0.0.1:42424"

        sqlConnectionString = "data source=127.0.0.1;user"

id=sa;password=" cookieless="false" timeout="20" />

‘cookieless’ option can be ‘true’ or ‘false’. When it

is ‘false’(default value), ASP.NET will use HTTP cookie to

identify users. When it is ‘true’, ASP.NET will randomly

generate a unique number and put it just right ahead of the

requested file, this number is used to identify users

[c#]

  //to store information

Session[“myname”]=”Mike”;

//to retrieve information

myname=Session[“myname”];

this is briefly about cookies and sessions in ASP.NET

·          The main difference between cookies and sessions is that cookies are stored in the user's browser, and sessions are not. This difference determines what each is best used for.

·          A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie

·          Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

·          A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie.

·          The trouble is that a user can block cookies or delete them at any time. If, for example, your websites shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.

·          Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.