Using ASP. NET Session State in a Web Service

Quick Overview of ASP. NET Sessions
ASP. NET session state is maintained by using one of two underlying mechanisms. the first is by using HTTP cookies. the idea behind HTTP cookies is that when the client sends a request, the server sends back a response with an HTTP Set-Cookie header that has a name/value pair in it. for all subsequent requests to the same server, the client sends the name/value pair in an HTTP Cookie header. the server then can use the value to associate the subsequent requests with the initial request. ASP. NET uses a cookie that holds a session ID to maintain session state. then that ID is used to find the corresponding instance of the HttpSessionState class for that participant user. the HttpSessionState class provides just a generic collection in which you can store any data that you want.
The other mechanic that ASP. NET uses for maintaining session state works without cookies. some browsers do not support cookies or are not configured to keep and send cookies. ASP. NET provides a mechanic for getting around this problem by redirecting a request to a URL that has the ASP. NET session ID embedded in it. when a request is received Ed, the embedded session ID is simply stripped out of the URL and is used to find the appropriate instance of the session object. this works great for browsers that are doing http get requests, but creates issues when writing Microsoft & reg ;. NET code that consumes an XML Web service.
It shoshould be noted that sometimes it makes sense to store state information in cookies themselves instead of in the ASP. NET session object. by avoiding the session object, you use fewer resources on the server, and you do not have to worry about issues like locating a specific instance of the session object within ss a Web farm, instances of the session object being cleaned up because of a long delays between requests, or session instances lingering around und for no reason until their timeout period expires. however, if you have data that has des implementation information that you do not want to share with the consumers of your service, or is private data that you do not want to send messages SS an unencrypted channel, or if the data wocould be impractical to serialize into an HTTP header, then it may make sense to take advantage of the HttpSessionState class in ASP. NET. the HttpSessionState class returns an index key that is used to map a participant user to an instance of the HttpSessionState class that holds information stored for that user. both the ASP. NET HttpSessionState class and HTTP cookies are available to users writing ASP.. NET Web services.