Session information

There are some things about session variables that are important to know. Each session can be uniquely identified within an ASP.NET application. A 120-bit session ID string, which contains characters that can be carried in a URL, is used to track and identify sessions. Session ID values are generated by an algorithm that guarantees uniqueness. This is important in ensuring that sessions don't collide.

Session IDs are communicated across client/server requests by either an HTTP cookie or a munged URL.

An application can store session state data in a SQL Server database. The following procedure shows how to configure an application to use SQL Server to store state:

1. Be sure ASP.NET State service is running on the server that will store the session. This service is installed with ASP.NET and installed by default at <Drive>:\Program Files\ASP.NET\Premium\V1.0Beta2\aspnet_estate.exe.

2. Edit the Web.config file as follows :

    <sessionState mode="OffInprocStateServerSQLServer"    cookieless="truefalse"    timeout="number of minutes"    stateConnectionString="tcpip=server:port"    sqlConnectionString="sql connection string" /> 

Be sure you specify the sqlConnectionString as sqlConnectionString="data source=somename; user id=sa;password=MyPassword" in Web.config of the application.

Table 17.1 shows traits of the required attribute for the sessionState element, and Table 17.2 shows traits of the optional attributes for the sessionState element.

Table 17.1. Required Attribute for sessionState

Table 17.2. Optional Attributes for sessionState