Controlling Session State

  • Article

Microsoft ASP.NET provides a session state object that you can use to save information about a user session across multiple requests. The ASP.NET session management feature is scalable and robust, and you can use it across Web farms.

Considerations for Cookieless Sessions

By default, the ASP.NET session object uses a client-side cookie to store an identifier. This identifier is used to locate the session across server round trips. However, it also supports a cookieless session mode that initially redirects the client to a new URL containing the session ID, and then automatically parses the session ID out of the URL.

For ASP.NET mobile Web applications that use session state, the following factors must be considered:

  • Some mobile devices and gateways do not support cookies. To run a Web application capable of serving these devices, the Web server must have session management set to cookieless mode.
  • Some mobile devices have problems handling relative URLs after they have been redirected by the cookieless session management technique.

Using Alternatives to Cookies

Some mobile devices do not support cookies, so developers must find alternate techniques for scenarios that require persistent state. For example, if a user logs on to a page, the application could assign the developer a logon ID that is used for the remainder of the session. Typically, you use a cookie for this form of authentication, which is called cookie-based authentication. However, cookie-based authentication is not an option for devices that do not support cookies. Instead, the developer must rely on another state management mechanism.

Session State

One alternative is to use session state. Because you can configure session state to work without cookies, the user can keep the ID in the session state. However, one disadvantage of this technique is that the information expires with the session. Another disadvantage is that this technique always requires session state be used.

Hidden Variables

ASP.NET mobile Web Forms do not include a mobile control for writing out hidden variables. Instead, the form provides a collection called HiddenVariables within the MobilePage class that you can use to specify hidden variables. All name/value pairs stored in this collection are persisted as hidden variables. The HiddenVariables collection is automatically repopulated with these hidden variables when the form is submitted.

This alternative uses hidden variables on a page. Hidden variables are automatically resubmitted as part of a form submission, whether the submission is to the same page or to another page.

See Also

Controlling View State | Supporting View State | Creating ASP.NET Mobile Web Applications | Application Developer's Guide | Developing Mobile Web Applications | ASP.NET State Management | LoadPrivateViewState | Maintaining State in a Control | SavePrivateViewState | HiddenVariables | MobilePage