Asp.Net 禁用cookie后使用session

时间:2022-02-27 07:40:06

原文地址:http://www.c-sharpcorner.com/UploadFile/deepak.sharma00/using-cookie-less-session-in-Asp-Net/

How to Cookie-less Session

By default a session uses a cookie in the background. To enable a cookie-less session, we need to change some configuration in the Web.Config file. Follow these steps:

  1. Open Web.Config file
  2. Add a <sessionState> tag under <system.web> tag
  3. Add an attribute "cookieless" in the <sessionState> tag and set its value to "AutoDetect" like below:

    <sessionState cookieless="AutoDetect" regenerateExpiredSessionId="true"/>

The possible values for "cookieless" attribute are:

  • AutoDetect : Session uses background cookie if cookies are enabled. If cookies are disabled, then the URL is used to store session information.
  • UseCookie: Session always use background cookie. This is default.
  • UseDeviceProfile: Session uses background cookie if browser supports cookies else URL is used.
  • UseUri: Session always use URL.

"regenerateExpiredSessionId" is used to ensure that if a cookieless url is expired a new new url is created with a new session. And if the same cookieless url is being used by multiple users an the same time, they all get a new regenerated session url.

We have configured our "Web.config" file to enable cookieless session. Now, its time to test it.