Now I'm reading a book and in the book it says: "Both Session State and Application state are used for storing a small amount of insecure global information that does not change frequently" Based on that I have five questions: In MVC4 we can access session by HttpContext.Session, what's the difference between this and HttpContext.Current.Session? What's application status used for? What's the practical difference between Session and Application state? For which user info we cannot store in session but only store in server database? Many many browser side cookies have been disabled, does that mean cookie are no longer in use when developing web application? I hope this is not only helpful to me but also will help others who see this Any suggestion are welcomed!

Reputation: 1114

What's the strategy of storing User info in ASP.NET MVC4

Now I'm reading a book and in the book it says:

"Both Session State and Application state are used for storing a small amount of insecure global information that does not change frequently"

Based on that I have five questions:

In MVC4 we can access session by HttpContext.Session, what's the difference between this and HttpContext.Current.Session?
What's application status used for?
What's the practical difference between Session and Application state?
For which user info we cannot store in session but only store in server database?
Many many browser side cookies have been disabled, does that mean cookie are no longer in use when developing web application?

I hope this is not only helpful to me but also will help others who see this

Any suggestion are welcomed!

Upvotes: 3

Reputation: 4021

They both point to the same object.
ApplicationState if for sharing data between different Session objects which are tied to a concrete user session
I stated the main difference under the previous point. To elaborate: objects stored in Session are only accesible to requests that are run under that session (they have session cookie or identification string in url). Objects stored in Application, on the other hand, are available everywhere (for instance in global.asax) and are not dependent on current user.
It depends on your paranoia level. I would not store credit card information or social security number or passwords in an unencrypted format in Session. On the other hand I would not store them unencrypted on the database as well. SessionState can, by the way, be configured to reside in database and thus be shared between different machines.
ASP.NET functions better with cookies. There are ways of making it work without cookies, but it will involve a lot of work.

Upvotes: 2

Reputation: 9901

There is no difference. Use HttpContext.Current.Session when you are not on a view.
For storing application-wide information that applies to all users. There is only one at a time and the values are the same for all users.
Sessions are at a user level. Application is system-wide. If you need to keep information specific to a user, use session. If the value will be the same for all users, use Application.
Not sure what you mean

Upvotes: 2