How actually Session works in MVC?

Question

I'm little-bit confused about session management in MVC4.

Lets say, I entered username and password and clicked on Login button. Then on server side, I got SessionId from HttpContext.Current.Session. And then I am validating that user credentials against database. If user is valid, then Adding SessionId, userName and uiserId in Session.

Lets say, next time request is came from same machine and same browser, I got same SessionId and then allowing that user to access other information.

Now I have following questions:

1. How server come to know that request is came from same browser and from same machine?
2. I found that, SessionId is different for different browser but it is same for same browser on different machine, so If I logged in from machine1 and with google chrome, then is it possible to use same session for different browser?(means session will be available for different machine with same browser. Is it possible?)
3. How server understand that request is for same user, who is logged in?
4. In asp.net session is maintained by viewState, but view state is not used in MVC, then what is used in MVC?

Answer 1

First I suggest to read this Wikipedia article about HTTP sessions. The answers on your question:

1. With every request the client sends its SessionId in either a cookie or the query string.
2. This should not be possible by default. But it can be done by session hijacking.
3. The server reads the SessionId which was sent by the client in question 1. The server maintains for example a key value data object so it can load the right data for the given SessionId.
4. ASP MVC doesn't use a viewstate since it's a completely different approach than ASP.NET. See this question for more information.