1. SESSIONS & COOKIES
Are state management techniques (used to maintain the state of the application
since http is a stateless protocol).
2. Basic about State Management in ASP.NET
• ASP.NET framework provides various ways to preserve
states at various stage.
• Controlstate, viewstate, sessions, cookies etc.
• This can be categorised as client side and server side
state management techniques.
• Session stores variables on the Server Side.
• Session will allocates memory in the web server and for every
user server will allocates memory, so Session is per user
• Sessions are generally used to maintain state when you
navigate through a website. However, they can also be used to
hold commonly accessed objects.
• Every session is identified by a unique session id.
• Sessions are not reliant on the user allowing a cookie. They
work instead like a token allowing access and passing
information while the user has their browser open.
• The problem with sessions is that when you close your
browser you also lose the session. So, if you had a site
requiring a login, this couldn't be saved as a session like it
could as a cookie, and the user would be forced to re-login
every time they visit.
Session["Name"] = “textName”;
• The first line of code takes the value of the Name textbox
control and stores it in the Session object. By specifying the
code of Session["Name"] , we are giving the property a name
called "Name." By specifying a name for the property, it
becomes easier to retrieve it at a later point in time.
• The next line of code retrieves the stored value from the
Session object. It then writes this value via the
'Response.Write' method back to the client.
5. ADVANTAGES AND DISADVANTAGES
Session provide us a way to maintain user data, all over
We can store any type of object in it.
Session is secure and transparent from the user.
Performance overhead in case of large volumes of user,
because data is stored in server memory.
• Basically a cookie is Client Side variable and will store data either in browser or in
system hard disk.
• Cookies are stored per-user on the users machine. A cookie is usually just a bit of
• You can never fully trust that a cookie has not been tampered with by a user or
you can either encrypt your cookies or set them to only be transmitted.
• A user can clear there cookies at any time or not allow cookies altogether so you
cannot count on them being there just because a user has visited your site in the
• A cookie can keep information in the user's browser until deleted. If a person has a
login and password, this can be set as a cookie in their browser so they do not have
to re-login to your website every time they visit.
• You can store almost anything in a browser cookie.
• The trouble is that a user can block cookies or delete them at any time. If, for
example, your website's shopping cart utilized cookies, and a person had their
browser set to block them, then they could not shop at your website.
8. ADVANTAGES AND DISADVANTAGES
It is very simple to use and implement.
Browser is in-charge of sending data.
For multiple sites with cookies, the browser automatically
It stores data in simple text format, so it’s not secure at all.
There is a size limit for cookies data(4KB).
Most browsers provide limits for number of cookies at a time
which is 20.
9. DIFFERENCE BETWEEN COOKIES AND
Note: You can of course get the best of both worlds! Once you know
what each does, you can use a combination of cookies and sessions to
make your site work exactly the way you want it to.
1. Client-side state management
technique, stored in on client's
2. Can store text data.
3. Not suggestible for storing
4. Cookie doesn't have a self-
1. Server-side state management
technique, stored in server.
2. Can stored an object.
3. Can be used for storing critical
4. Session expires after 20
minutes by default.