About Session Management in a Web Based Enterprise Application

In a web based application, a session starts when a client makes a request and ends when the requests cease, i.e. the client has stopped requesting services. During this interaction between the client and the Web server (which serves the client’s requests) some information is exchanged.

This information can be the client’s ID or password, any data filled in a web form, and so on. It is referred to as session state. It is the responsibility of the application to find a way to maintain the session state, because web components lack persistence.

This can be done on the client side as well as on the server machine. The most common techniques for storing session state on the client side are cookies, URL rewriting and hidden fields in a form.

These techniques depend on the client machine, and session state can be lost if the client’s machine fails. To overcome these drawbacks, the alternative is to maintain session state on the server. We will discuss the techniques for storing session state on the server later. First we will look at the client side session management techniques.

Using cookies to maintain state is very common. A cookie is a small piece of information which is stored on the client’s system and is initially generated by the web server in an HTTP response. The browser which receives this response saves the cookie on the client’s machine and includes it in subsequent HTTP requests.

For example, consider the following part of an HTTP response:

HTTP/1.0 200
Content-Length: 1345
Content-Type: text/html
Date: Tue, 06 Nov 2008 04:12:49 GMT
Expires: Tue, 06 Nov 2087 04:12:59 GMT
Server: Taleo/3.1.6
Set-Cookie: book=java-book


Now the browser receiving this response will generate its subsequent requests with the following part:

GET /book/java.jsp HTTP/1.0
Connection: Keep-Alive
Cookie: book=java-book
Host: www.ebook.com
Referer: http://www.ebook.com/

In the URL rewriting strategy, some additional field names and values are extracted from the web form, placed into a query string and then passed as part of the URL. Consider the following case:

<p><a href="http://www.ebooks.com/java/java1.jsp?ID=123">click here</a></p>

Here we can use two or more name and value pairs separated by &. For example, if a name is also passed in the URL above, the query string would look like: ?ID=123&NAME=Steven

Another way to maintain session state on the client is to use hidden fields in an HTML form. A hidden field is the same as any other form element and can hold a value. The essence of the process is to assign the session state as the value of the hidden field. This value is extracted and sent to the server as a parameter during the session, which is how the session state is stored.

Now we will move to the other way of maintaining session state, which is on the server side. Maintaining state on the server is definitely more secure and reliable. This can be achieved through application state, session state or database support.

In large scale transactions, a huge amount of data is transferred between client and server. To maintain the session state, this data must be stored for as long as the session lasts, so database support is used to handle this situation.

The other techniques for session state management use application state or session state. When the scope of the information exchanged is application specific, i.e. the information is shared by multiple sessions of an application and does not change frequently, application state is used to store it.

On the other hand, if we are dealing with information which changes frequently and the state of every session of the application needs to be created and maintained, session state is used. When a session object is used, a unique session id is assigned to every session in order to differentiate between the multiple session states.
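
The server side approach described above, combined with the cookie exchange shown earlier, as an added example that is not code from this article: the state stays on the server and the cookie carries only a random session id. The cookie name SID, the 900 second idle timeout, the in-memory store and the cookie attributes are assumptions made for the illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 900   # assumed idle timeout in seconds
_sessions = {}      # session id -> {"state": dict, "last_seen": float}

def create_session(state, now=None):
    """Keep the state on the server; return the Set-Cookie header value."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)   # unguessable id from the OS CSPRNG
    _sessions[sid] = {"state": dict(state), "last_seen": now}
    cookie = SimpleCookie()
    cookie["SID"] = sid               # "SID" is an assumed cookie name
    cookie["SID"]["path"] = "/"
    cookie["SID"]["httponly"] = True  # hidden from page scripts
    cookie["SID"]["secure"] = True    # sent over HTTPS only
    cookie["SID"]["samesite"] = "Lax"
    return cookie["SID"].OutputString()

def load_session(cookie_header, now=None):
    """Map a request's Cookie header back to its server-side state."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("SID")
    if morsel is None:
        return None                   # request carries no session cookie
    entry = _sessions.get(morsel.value)
    if entry is None:
        return None                   # unknown or forged id
    if now - entry["last_seen"] > SESSION_TTL:
        del _sessions[morsel.value]   # idle too long: drop the state
        return None
    entry["last_seen"] = now
    return entry["state"]

if __name__ == "__main__":
    header = create_session({"book": "java-book"})
    print("Set-Cookie:", header)
    sid_pair = header.split(";")[0]   # the "SID=<id>" part a browser sends back
    print(load_session(sid_pair))
    print(load_session("SID=constructed-forged-value"))
```

Because the client holds only the id, editing the cookie cannot change the stored state; an id the server never issued, or one that has been idle past the timeout, resolves to no session.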


Copyright - © 2004 - 2022 - All Rights Reserved.