Is a Session ID generated on the Server-side or Client-side?

asp.net session server-side sessionid client-side
Rory Becker picture Rory Becker · Oct 24, 2008 · Viewed 11.9k times · Source

This web page http://www.w3schools.com/ASP/prop_sessionid.asp states that a session ID is generated on the ServerSide.

If this is the case, then how does a server know it's still the same client on the 2nd request response cycle?

Surely the SessionId would be generated on the ClientSide so that the client would be sure of passing the same value to the server?

Answer

Noah Goodrich picture Noah Goodrich · Oct 24, 2008

The SessionID is generated Server Side, but is stored on the Client within a Cookie. Then everytime the client makes a request to the server the SessionID is used to authenticate the existing session for the client.

Related questions

How to set session timeout in web.config

I have tried very hard but cannot find a solution on how to set session timeout value for in-process session for an ASP.Net web application. I am using VSTS 2008 + .Net 3.5 + C#. Here is what I wrote by myself to …

Read More
Session timeout in ASP.NET

I am running an ASP.NET 2.0 application in IIS 6.0. I want session timeout to be 60 minutes rather than the default 20 minutes. I have done the following Set <sessionState timeout="60"></sessionState> in web.config. Set session timeout …

Read More
How to delete cookies on an ASP.NET website

In my website when the user clicks on the "Logout" button, the Logout.aspx page loads with code Session.Clear(). In ASP.NET/C#, does this clear all cookies? Or is there any other code that needs to be added …

Read More