Session variable knowledge summary!

1. Can I set the session validity period so that it does not expire for a long time?
answer session. setmaxinactiveinterval (-1);
Method 1: Set to-1, permanent
Method 2: repeatedly rewrite the session to be used
method 3: Combine with cookies, ensure that your system runs properly
Method 4: Set the session time to a long time, for example, 1000000000
conclusion: If you are very busy setting the session permanent server, it is not a good choice!
2. Where should session. Timeout = 5 be written? How to Use sessionid?
A session can be started in three ways:

A new user requests a URL that identifies an applicationProgramAnd the global. Asa file of the application contains the session_onstart process.
The user stores a value in the session object.
The user requests an application's. asp file, and the global. Asa file of the application uses the <Object> tag to create an instance of an object with a session scope.
If the user does not request or refresh any page in the application within the specified time, the session ends automatically. The default value is 20 minutes. You can change the default timeout limit of an application by setting the Session Timeout attribute on the "application options" property page in Internet Service Manager. This value should be set based on the requirements of your web application and the memory space of the server. For example, if you want users browsing your web application to stay on each page for only a few minutes, you should shorten the default session timeout value. A too long session timeout value will cause too many sessions to be opened and exhaust your server's memory resources.

For a specific session, if you want to set a timeout value smaller than the default timeout value, you can set the timeout attribute of the session object. For example, the following script sets the timeout value to 5 minutes.

<% Session. Timeout = 5%>
You can also set a timeout value greater than the default value. The session. Timeout attribute determines the timeout value.

You can also end a session explicitly by using the abandon method of the session object. For example, a "exit" button is provided in the table to set the action parameter of the button to the URL of the. asp file containing the following commands.

<% Session. Abandon %>

---------------------------------------------------------
About sessionid and cookie
When the user requests the. asp file in the given application for the first time, ASP generates a sessionid. Sessionid is composed of a complexAlgorithmThe generated number that uniquely identifies each user session. When a new session starts, the server stores the session ID as a cookie in the user's web browser.

Sessionid is similar to the key. When a user interacts with an application during a session, ASP can store user information in a secure box on the server. Just like using a key to access items in a safe deposit box, you can access the content in the safe box by sending the user sessionid cookie in the HTTP request title. Whenever ASP receives a page request, it checks the HTTP request title to obtain the sessionid cookie.

After the sessionid cookie is stored in the user's browser, even if the user requests another one. ASP file, or request to run in another application. ASP file, ASP will still reuse this cookie to track sessions. Similarly, if the user deliberately waives the session or causes the session to time out and then requests another. asp file, ASP starts a new session with the same cookie. Only when the server administrator restarts the server or the user restarts the web browser, the sessionid settings stored in the memory will be cleared and the user will obtain the new sessionid cookie.

By reusing the sessionid cookie, ASP minimizes the number of cookies sent to the user's browser. In addition, if you decide that your ASP application does not require session management, ASP will not be able to track sessions and send sessionid to users.

3. How can I set the session survival time?
Method 1: the most effective method is to set session. Timeout = 15 in sub session_onstart.
Method 2: set local IIS settings. Default website> site> right-click Properties> Asp.net> edit Configuration
Method 3: In the Web. xml file
<Session-config>
<Session-Timeout>
30
</Session-Timeout>
</Session-config>