Support us .Net Basics C# SQL ASP.NET ADO.NET MVC Slides C# Programs Subscribe Buy DVD

Cookie less sessions in - Part 63

Suggested Videos
Part 60 - Cookies in
Part 61 - How to Check if cookies are enabled or disabled
Part 62 - session state

In this session, we will discuss about cookie less sessions in By default sessions use cookies. The session-id is stored as a cookie on the client computer. This session-id, is then, used by the web-server to identify if the request is coming from the same user or a different user.

We will be using the same example used in Part 62, to demonstrate cookieless sessions. Run the application, and navigate to webform1.aspx. I am using google chrome as my default browser for visual studio. To set google chrome as default browser.
1. Right click on WebForm1.aspx in the solution explorer
2. Select Browse with option
3. From the list select Google chrome
4. Click "Set as Default" button
5. Finally click browse.

At this point, webform1.aspx will be opened using google chrome. Fill in the details for Name and Email fields, and click "Go To WebForm2" button. To view the session cookie
1. Right click on the browser, and select "Inspect Element"
2. Click on the "Resources" button
3. Expand cookies in the "Resources"
4. Finally, select localhost
5. You should now see a cookie with ASP.NET_SessionId

Now, let's disable cookies. To disable cookies in chrome
1. Click on the Button, next to the address bar, in the browser and select "Settings"
2. In the "Search Setting" text box, type cookies.
3. In the search results, click "content settings" button under privacy
4. Under "cookies", select "Block sites from setting any data" and click OK.

So, the cookies are disabled now. Run the application, and navigate to WebForm1.aspx. Fill name and email fields and navigate to WebForm2.aspx. Notice that the Name and Email fields are not displayed. This is because, cookies are disabled. When cookies are disabled, the session-id is not sent to the server. So the server has no way to figure out, if the request for WebForm2.aspx has come from the same user. That is the reason why these fields are not displayed on WebForm2.aspx.

Some of the users, does not like websites writing information to their computers. So it is very common for, users to disable cookies. If that is the case, then websites using cookies, to manage sessions may not work as expected. However, to overcome this problem, cookieless sessions can be enabled. To enable cookieless sessions, set cookieless="true" in web.config as shown below.
<sessionState mode="InProc" cookieless="true"></sessionState>

With this change, navigate to WebForm1.aspx, fill in Name and Email fields, and then navigate to WebForm2.aspx, and notice that, the Name and Email, fields are displayed as expected. Notice, that the session-id is now part of the URL. This session-id is sent back and forth between the client and the web server, with every request and response. The web server, uses the session-id from the URL, to identify if the request has come from the same user or a different user.

For cookieless sessions to work correctly, relative URL's must be used in the application, when redirecting users to different webforms. For example, if you are on and if you want to navigate to WebForm2.aspx, then use
Response.Redirect("~/WebForm2.aspx") - Relative URL
and not
Response.Redirect("") - Absolute URL (or Complete Path)


If you like this website, please share with your friends on facebook and Google+ and recommend us on google using the g+1 button on the top right hand corner.