Session Alternatives

Session alternatives

1. Cookies
   1. More scalable
   2. Free memory on server
   3. Persist. Does not delete after session expires.
   4. Mostly not enable in client browser
   5. More security risk than sessions it can be tracked by any virus. Use encrypted.
   6. Limited in size 4kb max
   7. Has to send to server with each request. Bandwidth cost increases.
   8. Can be delete by user/browser/any automated system. Limit is 20 cookies per domain.
2. Querystring
   1. Cannot transfer lot of data
   2. Old asp way to communicate
   3. Security issue
3. URL rewriting
   1. but it cannot be used for identification values or ids
4. Viewstate
   1. Cannnot be used to communicate between pages.
5. Hidden fields
   1. Cannnot be used to communicate between pages.
6. Profile properties
   1. It also uses a session identifier along with database
   2. It remains after user leaves
   3. Similar as our tempt able but only difference is it is asp.net default mechanism
7. Forms authentication with session id only and keep everything in the database.
   1. Scalable method
   2. By default store data in database.
   3. Data does not delete when session expires. Or web app restarted.
8. Previous page directive. Or previous page references.
   1. This can be used only for postback urls changed to different url.
   2. A lot of code has to be written.
9. Sessions

Cookies like sessions too, could be easily read. For sensitive information, better use Forms or Windows authentication. The most reliable way to keep user's information across sessions is to store them to database on server. You can do it manually, but it is usually more efficient to use Profile properties.

 

Profile properties also persist between sessions. Unlike cookies, data are stored on server side (in Sql Server database by default). Profile properties work with both authenticated and anonymous users and even support migrating of data when anonymous user log in.