Do session use cookies?

Question

This is an interview question asked a month ago....

Do session use cookies? If so,how do they do so?

Assume Session["UserId"]=1 how does this session variable uses cookies internally? If so, what will be the name of the cookie and what is the value of that cookie....

Answer 1

Yes, Session management is done using a kind of session-id i.e. cookies. cookies maintained in the browser help backend to identify users.

If you access an application from two browsers of same machine then two cookies will be maintained where each browser is a separate user for Asp.Net backend application

Answer 2

Every session will have SessionID. And Session ID is a unique number, server assigns to a specific user, during his visit(session). And defaultely, session ID is attached to a cookie and this cookie will be shared from client to server (and server to client) during its requests/responses. And server will identify session based on session id which is retrieved from cookie.

And regarding cookieless, if your browser doesnt support cookie or disabled, then cookieless will be used. Since it is Cookieless, asp.net can not create a cookie to save session id. Instead, the session id will be passed in query string...

Answer 3

Whilst the data its self is stored on the server (or in SQL if configured that way), there needs to be a way to associate session data with specific users.

By default this is done with a cookie, but you can configure cookieless in which case the unique id is stored in the URL.

From Microsoft:

ASP maintains session state by providing the client with a unique key assigned to the user when the session begins. This key is stored in an HTTP cookie that the client sends to the server on each request. The server can then read the key from the cookie and re-inflate the server session state.

http://msdn.microsoft.com/en-us/library/ms972429.aspx

Answer 4

no, stored on server somewhere in tmp folder. sessions are serverside, cookies are client side.