Asp.Net Session Management Interview Questions

What is a Session?
A Session is a unique instance of the browser. A single user can have multiple instances of the browser running on his or her machine. If each instance visits your Web application, each instance has a unique session.A session starts when a user accesses a page on a Web site for the first time, at which time they are assigned a unique session ID. The server stores the user’s session ID in the Session.SessionID property.

What is the default session timeout period?
20 minutes.

Where do you generally specify the Session Timeout?
You specify the Session Timeout setting in the web.config file.

Can you specify Session Timeout in a code behind file?
Yes, can specify the Session.Timeout property as shown below in a code behind file.
Session.Timeout = 10;

How do you end a user session?
You can call the Session.Abandon() method to end a user session. If a user then tries to access a page the server will assign them a new session ID and it will clear all the previous session variables. You’ll typically use Session.Abandon() on log-out pages.

What type of data can you store in Application State and Session State variables?
Application State and Session State variables are used to store data that you want to keep for the lifetime of an application or for the lifetime of a session. You can store any type of data in the Application or Session state, including objects.

Are Application State or Session State variables type safe?
No, Application and Session state variables are created on the fly, without variable name or type checking.

Do maintaining Session state affects performance?

Can you turn of Session state?
Yes, Session state can be turned off at the application and page levels.

Are Application state variables available throughout the current process?
Yes, Application state variables are available throughout the current process, but not across processes. If an application is scaled to run on multiple servers or on multiple processors within a server, each process has its own Application state.

How do you disable Session state for a Web form?
To turn Session state off for a Web form set EnableSessionState property of the Page to False.

How do you turn Session state off for an entire web application?
In the Web.config file, set the sessionstate tag to False.

What are Application State variables?
Application State variables are global variables that are available from anywhere in the application. All Sessions can access Application State variables.

How to add and remove data to Application State Variables?
//Code to add data to Application State
Application.Add(“AppName”, “Sample”);

//Code to remove data from Application State

How do you remove all Application State Variables data?
//Code to remove all Application State Variables data

What are the different techniques to send data from one web form to another web form?
1. Query strings :
Use these strings to pass information between requests and responses as part of the Web address. Query strings are visible to the user, so they should not contain secure information such as passwords.

2. Cookies :
Use cookies to store small amounts of information on a client. Clients might refuse cookies, so your code has to anticipate that possibility.

3. Session state :
Use Session state variables to store items that you want keep local to the current session (single user).

4. Application state :
Use Application state variables to store items that you want be available to all users of the application.

Give an example of using querystrings to send data from one page to another?
Query strings are a very simple and popular technique to pass data from one Web page to the next. You send data as part of the URL. In the below example FName and LName are sent as part of the URL. In the page load of QueryStrings2.aspx we use Request.QueryString to read the values. As we are sending more than one query string we use the & symbol to seperate query strings.

//Code to send query strings FName and LName as part of the URL

protected void Page_Load(object sender, EventArgs e)
//Code to read Query String values
string FirstName = Request.QueryString[“FName”];
string LastName = Request.QueryString[“LName”];
Response.Write(“Data from QueryStrings1.aspx : ” + FirstName + “, ” + LastName);

Give an example to send Query Strings from code?
You can send query strings from server side code using the Response.Redirect() method as shown below.

What are the advantages of using Query Strings?
Query strings are easy to implement.
2. Browser support for passing values in a query string is nearly universal.
3. Query strings are contained in the HTTP request for a specific URL and do not require server resources.

What are the disadvantages of using querystrings to send data from one page to another?
Query strings are insecure because the information in the query string is directly visible to the user on the address line in the browser.
2. Many browsers impose a 255 URL character limit which can limit their flexibility.

What are Cookies in ASP.NET?
Cookies are small pieces of information stored on the client computer.Use cookies to store small amounts of information on the client’s machine. Web sites often use cookies to store user preferences or other information that is client-specific. Because cookies can be refused, it is important to check whether the browser allows them before you try to create them.They are limited to storing only character data and they are limited to 4K in size.

What are different types of Cookies?
Session Cookies
Persistent Cookies

What are Session Cookies?
Session cookies are stored in-memory during the client browser session. When the browser is closed the session cookies are lost.

How can you create Session Cookies?
You can create session cookies by calling the Add method of the Cookies collection on the Response object. The Cookies collection contains individual cookie objects of type HttpCookie.

//Code to create a UserName cookie containing the name David.
HttpCookie CookieObject = new HttpCookie(“UserName”, “David”);

//Code to read the Cookie created above

What is the difference between Session Cookies and Persistent Cookies?
Persistent Cookies are same as Session Cookies except that, persistent cookies have an expiration date. The expiration date indicates to the browser that it should write the cookie to the client’s hard drive. Keep in mind that because a user can delete cookies from their machine that there is no guarantee that a cookie you “drop” on a user machine will be there the next time they visit your site.

What are Persistent Cookies used for?
Persistent cookies are generally used to store information that identifies a returning user to a Web site. Typical information found in Persistent Cookies includes user names or user IDs.

How do you create a Persistent Cookie?
You create a persistent cookie the same way as session cookies except that you set the Expires property to a Date in the future which will store the Cookie to the client computer harddrive.

//Code to create a UserName Persistent Cookie that lives for 10 days
HttpCookie CookieObject = new HttpCookie(“UserName”, “David”);
CookieObject.Expires = DateTime.Now.AddDays(10);

//Code to read the Cookie created above

What is Cookie Dictionary?
A cookie dictionary is a single cookie object that stores multiple pieces of information. You use the Values property to access and assign new values to the cookie dictionary.

Give an example using Cookie Dictionary?
//Code to create a Cookie Dictionary
HttpCookie CookieObject = new HttpCookie(“UserPreference”);

//Use the Values property to assign new values to the cookie dictionary
CookieObject.Values.Add(“UserName”, “David”);
CookieObject.Values.Add(“Country”, “USA”);
CookieObject.Values.Add(“PreviousVisit”, DateTime.Now.ToString());
CookieObject.Expires = DateTime.MaxValue;

//Add the Cookie to the client machine using the Response object

//Code to read the Cookie created above
HttpCookie ObjectCookie = Request.Cookies[“UserPreference”];
string UserName = ObjectCookie.Values[“UserName”];
string Country = ObjectCookie.Values[“Country”];
string PreviousVisit = ObjectCookie.Values[“PreviousVisit”];

What are the advantages of Using Cookies?
1. Cookies do not require any server resources since they are stored on the client.
2. Cookies are easy to implement.
3. You can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client computer (persistent cookies).

What are the disadvantages of Using Cookies?
1. Users can delete a cookies.
2. Users browser can refuse cookies,so your code has to anticipate that possibility.
3. Cookies exist as plain text on the client machine and they may pose a possible security risk as anyone can open and tamper with cookies.

How do you create a Cookie that never expires?
To create a Cookie that never expires set the Expires property of the Cookie object to DateTime.MaxValue.

Are Cookies secure?
No, Cookies are not secure. You must pay attention to the type of data you store in cookies.
1. Cookies are not designed to store critical information so storing passwords in a cookie is a bad idea.
2. Keep the lifetime of a cookie as short as practically possible.
3. Encrypt cookie data to help protect the values stored in the cookie.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s