LEARN SESSION

1. Web is Stateless,HTTP is a stateless protocol
2. Session provides the facility to store information on server memory.
3. It can support any type of object to store along with our custom object.
4. For every client Session data store separately

Advantages and Disadvantages of Session

Advantages
1. It helps to maintain user states and data to all over the application
2. We can store any kind of object.
3. Stores every client data separately.
4. Session is secure and transparent from user.
Disadvantages
1. Performance overhead in case of large volume of user, because of session data stored in server memory
2. In case of StateServer and SQLServer session mode we need to serialize the object before store
(Overhead involved in serializing and De-Serializing session Data)

Storing and Retrieving values  from Session

1. We can interact with Session State with  System.Web.SessionState.HttpSessionState class
2. Session["UserName"] = txtUser.Text;
3. string str =  Session["UserName"];

Session ID

1. Asp.Net use 120 bit identifier to track each session
2. When client communicate with server, only  session id is transmitted, between them
3. When client hits web site and some information is stored in session.
1. Server creates a unique session ID for that clients and stored in Session State Provider .
2. Again client request For some information with that unique session ID from Server.
3. Server,looks on Session Providers, and retrieve the serialized data from state server and type cast the object

Session Mode

1. InProc (In-Memory Object)
2. StateServer (Aspnet_state.exe)
3. SQLServer (DataBase)
4. Custom (CustomProvider)
5. Off (session will be disabled)

1. InProc (In-Memory Object)
1. This is the default Session mode in asp.net
2. Its stores session Information in Current Application Domain
3. stores session data in a memory object on that application domain
4. This is handled by worker process in application pool
5. So If we restart the server we will lose the session data.
6. Session_Start() -> User Using Appln -> Session_End()
7. When Should we use InProc Session Mode ?
1. It can be very helpful for a small web sites and where the number of user are very less
2. We should avoid InProc in case of Web Garden
8. Advantages and Disadvantages

Advantages
1. It store Session data in memory object of current application domain.
2. So accessing data is very fast and data is easily available.
3. There is not requirements of serialization to store data in InProc Session Mode

DisAdvantages
1. If the worker Process or application domain recycles all session data will be lost.
2. Though its fastest, but more session data and more users can affects performance, because of memory.
3. we can't use it in web Garden scenarios
4. This session mode is not suitable for web farm scenarios also

2. StateServer (Aspnet_state.exe)
1. This is also called Out-Proc session mode
2. StateServer uses a stand-alone Windows Services, which is Independent to IIS and can also run on a separate server
3. This session state is totally managed by aspnet_state.exe
4. This server may runs on the same system, but it's out side of that main  application domain where your web application
  is running
5. This allow if you restart your asp.net process restarted your session data will be alive
6.Advantages and Disadvantages

Advantages
1. Its keeps the data separate from IIS so, any Issue with IIS does not hamper Session data
2. It is useful in web farm and web garden scenarios.
Disadvantages
1. Process is slow due to Serialization and De-Serialization
2. State Server always need to be up and running

3. SQLServer (DataBase)
1. The Session data is serialized and stored in the SQL Server database
2. SQL Server Session mode is more reliable and secure session state management.
3. Its keeps data in a centralized location (database).
4. We should use SQL server session mode when we need to implement Session with some more security.
5. If  there happens to be  frequent server Restart we can implement SQL server
6. This is perfect mode that fits in web farm and web garden scenarios
7. we can use SQL server Session mode when we need to share session between two different application
8. Advantages and Disadvantages

Advantages
1. Session data do not  affected if we restart the IIS.
2. It is the most reliable and secure session management.
3. It keeps data located centrally ,  It can be easily accessible from other application.
4. It is  very useful in web farm and web garden scenarios.
Disadvantages
1. Processing is very slow in nature.
2. Object serialization and de-serialization creates overhead  for application
3. As the session data is handled in different server, so we have to take care of SQL server. It should be always up   and running.

4. Custom (CustomProvider)
1. Custom session gives full control to us to create every thing even session ID
2. can implement custom providers that store session data in other storage mechanisms simply by deriving from
  SessionStateStoreProviderBase Class
3. can also Generate New Session Id by Implementing ISessionIDManager.
4. This are the following methods  are called  during  implementation of Custom Session
1. Initialize()(set the Custom Provider)
2. SetItemExpireCallBack()(to set SessionTimeOut)
3. InitializeRequest()(called on every request)
4. CreateNewStoreData()(to create a new instance of SessionStateStoreData)
5. Advantages and Disadvantages

Advantages
1. We can use some existing Table for the store session data, It is useful when we have to use some old database   rather than SQL Serve
2. It's not depending on IIS , So Restarting web server does not make any effects on session data.
3. We can crate our own algorithm for generating Session ID
Disadvantages
1. Processing of Data is very slow
2. Creating a custom state provider is a low-level task that needs to be handled carefully to ensure security

Session And Cookies

1. Clients use cookies to work with session.
2. because the client needs to present the appropriate session ID with each request
3. We can do it in 2 ways
1. Using Cookies
1. ASP.NET creates a special cookies named ASP.NET_SessionId automatically when the session collection is used
2. This is the default
3. Session ID is transmitted through that cookies
2. Cookie Munging
1. Some older browser doest not support cookies or user may disable cookies in there browser, in that case ASP.Net  
  transmitted session ID  in a specially modified (or munged) URL.
2. When user request for a page on a server, Server  encoded the session id and add it with every  href  link  in page.
  When user click any links ASP.NET decodes that session id and passes it to the page that user requesting. Now the   requesting page can retrieve any session variable. This all happens automatically, if ASP.NET detects that the users  browser does not support cookies.
3. To Implement Cookie Munging we have to make session state cookieless