1. Cookie
A cookie is stored on the client. It is created from the Set-Cookie header returned by the server, and the browser saves it and deletes it when it expires. By default, the cookie life cycle is the browser process cycle. The server can also explicitly specify a cookie retention time; the browser then applies the specified retention time and saves the cookie to the client's hard disk. Cookies are part of the HTTP protocol specification and an international standard.
2. Session
A session is stored on the server and is used to store data for one session. What is a session? There is no standard definition; it is determined by the programmer. What identifies a session, that is, how different sessions are told apart, is generally the sessionid: each session has its own ID card number, the sessionid. The sessionid is a string that is generally stored on the client in a cookie. When the browser sends a request, the sessionid is included, so the server can use it to determine which session the request belongs to. The default session lifecycle is 20 minutes, and a sliding expiration policy is used.
3. Relationship between sessionid and session
Suppose the life cycle of the cookie storing the sessionid is set to one year, and the session lifecycle is set to 20 minutes. If the browser does not access the server within 20 minutes after a session is created, the session created 20 minutes ago is released. The sessionid in the cookie still exists, but the server has no session corresponding to this sessionid. In this case, another session can be created based on the same sessionid. The relationship is like that between an employee ID and an employee: at a fixed time, an employee ID can correspond to only one employee or to none, but at different points in time the same employee ID can correspond to different employees, because employees can resign and new employees can join at any time, while the employee ID can always be retained.
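
The lifecycle described above (one-year cookie, 20-minute sliding session) can be traced with the following added example, which is not code from the original page. The SessionStore class, its reuse_client_id switch and the demo helper are hypothetical names; reuse_client_id=False is an addition beyond the text that has the server issue its own fresh sessionid rather than rebinding the value the cookie still carries.

```python
import secrets

SESSION_TTL = 20 * 60              # 20-minute session lifecycle, as in the text
COOKIE_MAX_AGE = 365 * 24 * 3600   # one-year cookie holding the sessionid


class SessionStore:
    """In-memory session store with sliding expiration (hypothetical)."""

    def __init__(self, reuse_client_id=True):
        self.reuse_client_id = reuse_client_id
        self._sessions = {}  # sessionid -> (data dict, expires_at)

    def handle(self, cookie_sid, now):
        """Return (sessionid, data, created) for a request at time `now`."""
        entry = self._sessions.get(cookie_sid) if cookie_sid else None
        if entry and entry[1] > now:
            sid, data, created = cookie_sid, entry[0], False
        else:
            # Session missing or released; the cookie may still carry its id.
            self._sessions.pop(cookie_sid, None)
            if cookie_sid and self.reuse_client_id:
                sid = cookie_sid                 # behaviour described in the text
            else:
                sid = secrets.token_urlsafe(32)  # server-chosen id instead
            data, created = {}, True
        # Sliding policy: every request pushes expiry out by the full TTL.
        self._sessions[sid] = (data, now + SESSION_TTL)
        return sid, data, created


def set_cookie_header(sid):
    # Set-Cookie value that keeps the sessionid on the client for one year.
    return f"sessionid={sid}; Max-Age={COOKIE_MAX_AGE}; Path=/; HttpOnly; Secure"


def demo(reuse_client_id):
    """Constructed timeline: requests at 0, 19 and 38 min, then 20 min idle."""
    store = SessionStore(reuse_client_id)
    sid, data, _ = store.handle(None, now=0)
    data["user"] = "alice"                       # constructed sample value
    _, d2, c2 = store.handle(sid, now=19 * 60)
    _, d3, c3 = store.handle(sid, now=38 * 60)   # alive only because of sliding
    sid4, d4, c4 = store.handle(sid, now=38 * 60 + SESSION_TTL)
    return {
        "kept_while_active": d2 is data and d3 is data and not (c2 or c3),
        "same_id": sid4 == sid,
        "new_session": c4 and "user" not in d4,
    }
```

With reuse_client_id=True the last request gets a new, empty session under the old sessionid, which is the employee-ID situation described above.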