How does the server identify a browser ?
The first time when a browser request a page, server establishes a session and creates a session Id. Server returns this ID to the browser as part of the 'Response'. This ID is not displayed to the user. Browser will keep this internally.
There are cases where this Session ID can be visible to the users. Visit HomeDepot.com and hit any link from the home page. Then check the URL in the browser. You can see a string like BV_SessionID=@@@@0941891585.1123945660@@@@. This number represents the session id. This particular site sends the session id as a query string in the URL. If you delete this session id from the url, server will treat it as a new session and will create a new session.
But ideally, in a ASP.NET web site, there is no need to make the session id publicly visible. Server can keep it internally and send to server without annoying you.
After the browser gets a session ID, it will send the session ID to the server along with each additional page requests it makes. The webserver can identify the sessions using this Id. For some reason, if the session times out, then this ID will be no longer valid. In such cases, server will create a new session and will treat this request as a new request.
Purpose of Session variables
In most of the web sites, when a user log In in the login page, they set few variables to session.
if (bLoginSuccess = true) then
Session("UserId") = txtLoginName.Text
Session("Name") = GetUserNameFromDatabase(txtLoginName.Text)
else
Response.Redirect ("LoginError.aspx")
end if
The above code stores the user's userid into a session variable called "UserId". All other pages will check if the user id is set in the session and if not, it will give an error message saying "you have not logged in".
dim userId as string = Session("UserId")
if ( userId = "" ) then
Response.Redirect("Login.aspx")
else
Response.Write ("Welcome " & Session("Name"))
end if
The above validation will be required only in the pages which needs user login. For example, in search4i.com, you can access most of the pages without logging in. Only when you submit an article or feedback, we will use the above code and validate your login. If you are not logged in, we will redirect you to login page automatically.
If you look at the top left corner of this site, you can either see 'Login" or "Welcome
". We have used a logic similar to what is shown below, to display appropriate message.
dim userId as string = Session("UserId")
if ( userId = "" ) then
Response.Write("Login")
else
Response.Write ("Welcome " & Session("Name") & ")
end if
As you can see from the above examples, session variables are used to store small key-value pairs in the memory. You can use session variables to store values from one page and access the values from other pages for the same user. If you set a value in session variable from one page, you can retrieve the value from any other page in the same session.
The most important point to remember is, whatever value you store in session will be valid only until the session expires. Also, this value will not be accessible for another user/session.