I have very good understanding on asp.net session management.
But i have few questions around that.
Any links/book which gives me very depth idea about session will helpful for me.
Thanks in Advance !!! Prashant
I have very good understanding on asp.net session management.
I think that you are misusing the terms here. ASP.NET Session is one thing, Forms Authentication is an entirely different thing. I suppose that you are talking about Forms Authentication here.
1) when session id is get created. when client login to application with user name and password. or when client try to access default.aspx page.
When someone calls the FormsAuthentication.SetAuthCookie method which usually happens once the username and password credentials are validated by the LogOn action.
2) how server serve client session request.
A forms authentication cookie is emitted to the client when the FormsAuthentication.SetAuthCookie method is called and this cookie gets sent to the server on each subsequent request. The cookie contains an encrypted value of the username that allows the server to populate the IPrincipal.
3) can we access session id in js?
No, the forms authentication cookie is emitted with the httponly flag meaning that it is not accessible to client scripting.
4) is there any difference between ASP.NET web form and ASP.NET MVC in terms of client server session creation?
They are absolutely the same. Actually there's no such notion as ASP.NET MVC client server session creation. All this mechanism is coming from ASP.NET.
Now let's suppose that you actually talked about ASP.NET Session in your question. I will try to answer your questions in that context:
1) when session id is get created. when client login to application with user name and password. or when client try to access default.aspx page.
Whenever some server side code attempts to read or write to the session using the HttpContext.Session property.
2) how server serve client session request.
A session cookie is emitted to the client when the some server side script attempts to read or write to the HttpContext.Session object. This cookie gets sent to the server on each subsequent request. The cookie is just an id that allows to access the session data which is stored on the server. By default session data is stored in memory. But you could also configure ASP.NET to store it out-of-proc or in SQLServer. For more information about the various session state modes please refer to MSDN.
3) can we access session id in js?
No, the ASP.NET session cookie is emitted with the httponly flag meaning that it is not accessible to client scripting.
4) is there any difference between ASP.NET web form and ASP.NET MVC in terms of client server session creation?
They are absolutely the same. Actually there's no such notion as ASP.NET MVC client server session creation. All this mechanism is coming from ASP.NET.