Set Sessionstate cookieless=“true” in asp .Net, is the sessions state maintained?

Question

How can the session state be maintained in asp.Net, if the cookies are turned off in browser or cookieless=\"true\" is added within sessionmode tag

Answer 1

Answer is yes, it will still maintain session via URL. It will attach unique identifier for session to URL, that unique identifier is stored in cookie for cookieless = false.

URL will look like this - http://yourserver/folder/(session ID here)/default.aspx

Live example -

http://localhost:2677/WebSite1/(S(3abhbgwjg33aqrt3uat2kh4d))/cookielesssessiondetection.aspx

Here 3abhbgwjg33aqrt3uat2kh4d is session id.

Answer 2

ASP.NET framework inserts a unique id to the URL, you can check this by disabling the cookie or by setting the cookieless attribute to true as you did.

According to MSDN:-

By default, the SessionID value is stored in a non-expiring session cookie in the browser.

If you specify cookieless="true" then:

ASP.NET maintains cookieless session state by automatically inserting a unique session ID into the page's URL.