There are some things about session variables that are important to know. Each session can be uniquely identified within an ASP.NET application. A 120-bit session ID string, which contains characters that can be carried in a URL, is used to track and identify sessions. Session ID values are generated by an algorithm that guarantees uniqueness. This is important in ensuring that sessions don't collide.
Session IDs are communicated across client/server requests by either an HTTP cookie or a munged URL.
An application can store session state data in a SQL Server database. The following procedure shows how to configure an application to use SQL Server to store state:
Be sure you specify the sqlConnectionString as sqlConnectionString="data source=somename; user id=sa;password=MyPassword" in Web.config of the application.
Table 17.1 shows traits of the required attribute for the sessionState element, and Table 17.2 shows traits of the optional attributes for the sessionState element.
Table 17.1. Required Attribute for sessionState
Table 17.2. Optional Attributes for sessionState