Session in ASP.Net

Consider a user visiting pages on an online shopping site. Now if that user has put 1 item in his cart and moved ahead 2 pay bill but suddenly he remembered that he wanted to order some other item too. So he goes back to previous page on which he has to add items to add that other item which he wanted to buy. But what he gets is the same page but the item he had selected is disappeared. Where did it go? It has got discarded. So he has to enter both items again. This is ok as he had added only 1 item but what if he would have already added 25 items? Just for adding 1 more item he had to type those previous 25 items again. Irritating? But a solution was given to this through a feature of ASP.Net. SESSION… Session is the thing in which we the previous requests are saved. So according to above example, the page on which 25 items were added will get saved in sessions so that even if he goes back his requests are retrieved. ASP.NET provides a solution for managing session information via the System.Web.SessionState namespace. This namespace describes a collection of classes used to enable storage of data specific to a single client within a Web application. Sessions can be used easily in ASP.NET with the Session object. For every client Session data store separately, means session data is stored as per client basis.
Basic Advantages: -
1) It helps to maintain user states and user data.
2) Implementation is easy.
3) Stores every client data separately.
4) It is secure.
Basic Disadvantages: -
1) It affects performance if number of users is large as session data is stored in server memory.
Let’s see how to store and retrieve values from sessions. In an ASP.NET page, the current session variables are exposed through the Session property of the Page object. We can interact with Session state with System.Web.SessionState.HttpSessionState class, because this provides built in Session Object with ASP.Net Pages.
Consider we have to store userId in session. Then we have to include following in our code: -
Session (“userId”) = txtuserId.Text
Similarly if we have to retrieve userId from session then we have to write: -
If Not Session (“userId”) Is Nothing Then
lbluserId.Text = “UserId is : “ & Session (“userId”)
End If

Each and every sessionId is identified by a unique Id which is known as SessionId. SessionId is created by Webserver when any page is requested by user. It is a 120 bit Id. The actual working between client, webserver and state provider is: -
1) Client requests for a page and wants to store information on it.
2) Webserver creates a secure SessionId and store data in state provider.
3) State provider stores client data separately.
4) When client wants to have same information again it again requests the same thing to webserver.
5) Server takes the SessionId and pass it to State Provider.
6) State provider sends data to Webserver based on SessionId.
In ASP.Net there are following session modes: -
1) InProc
2) StateServer
3) SQLServer
4) Custom
Details of these session modes will discuss in next blog.

In web.config, SessionState elements used for setting the configuration of session. Some of them are Mode, Timeout, StateConnectionString, Custom provider etc. Session Event is declared in global.asax. There are two types of Session Events: -
1) Session_Start
2) Session_End
When a new session initiate Session_Start event raised and Session_End event raised when a session is stopped.

Now as i mentioned in my previous blogs about cookies, in that i have mentioned that user's information is stored in cookies and in this blog I have written that user's information is stored in sessions.. Confused? Simple.. Cookies information is stored at client side in browser while Session information is stored at server side.. This is the difference between Cookies and Session.