Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How actually Session works in MVC?

Tags:

asp.net

asp.net-mvc

session

session-state

asp.net-mvc-4

I'm little-bit confused about session management in MVC4.

Lets say, I entered username and password and clicked on Login button. Then on server side, I got SessionId from HttpContext.Current.Session. And then I am validating that user credentials against database. If user is valid, then Adding SessionId, userName and uiserId in Session.

Lets say, next time request is came from same machine and same browser, I got same SessionId and then allowing that user to access other information.

Now I have following questions:

  1. How server come to know that request is came from same browser and from same machine?
  2. I found that, SessionId is different for different browser but it is same for same browser on different machine, so If I logged in from machine1 and with google chrome, then is it possible to use same session for different browser?(means session will be available for different machine with same browser. Is it possible?)
  3. How server understand that request is for same user, who is logged in?
  4. In asp.net session is maintained by viewState, but view state is not used in MVC, then what is used in MVC?
like image 518
Ashok Avatar asked Dec 02 '14 08:12

Ashok

People also ask

Is it good to use session in MVC?

It is perfectly OK to use sessions in ASP.NET MVC, especially in the shopping cart scenario of yours.

How does .NET session work?

When session state is enabled for an ASP.NET application, each request for a page in the application is examined for a SessionID value sent from the browser. If no SessionID value is supplied, ASP.NET starts a new session and the SessionID value for that session is sent to the browser with the response.

1 Answers

First I suggest to read this Wikipedia article about HTTP sessions. The answers on your question:

  1. With every request the client sends its SessionId in either a cookie or the query string.
  2. This should not be possible by default. But it can be done by session hijacking.
  3. The server reads the SessionId which was sent by the client in question 1. The server maintains for example a key value data object so it can load the right data for the given SessionId.
  4. ASP MVC doesn't use a viewstate since it's a completely different approach than ASP.NET. See this question for more information.
like image 88
Marthijn Avatar answered Sep 21 '22 14:09

Marthijn
Sign in to Comment

Related questions

Content-Disposition Filename not working on IE
Convert HTML to PDF using itextsharp
Why does ASP.NET Web Api model binding uses the parameter type to determine the source of the value?
How to catch undefined api method calls in ASP.NET MVC4 Web API
Does http compression also compress the viewstate?
How to split deployment of web application between web and image servers
Why is Page.PreviousPage always null?
How to post a collection to WebApi using Restangular.Js
How update textbox in a loop running on another thread in C#
jQuery Autocomplete Component
MVC Child Action throws Illegal Characters in Path
styling KML files in c#
EntityFrameworks.dll file missing?
KnownType attribute cannot use type parameters
Consuming shared IObservable from SignalR
ASP.Net Web Api Help page based on authorization
Web API Security and Authentication - bearer token
Custom user authorization based with roles in asp.net mvc
How to set private fields on a domain model in the repository
Can we use SignalR with WebRTC video calling in WebForms

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!