Where are store SessionID on the client

Question

I have a web site in ASP 3.0. This web site initialize authentication by session on the server, and retreive the id of the user in the session. A multiple clients access to the web site with no problem.

Some of them lost there session. I think is due to a client configuration with the sessionID token or someting like that.

Could some body tell me where are stored the sessionID on the client machine.

Thanks.

I read this post and just need to know what will be the name of the cookie ? Is it the same cookie that we can read/write in code ?

I try to find a way to identify, the sessionID storing on the client machine and the connected session on the server. Did a way to do that ?

Answer 1

The server allocates a session and stores its ID in a cookie, known as the session cookie. The ASP Session cookie has this format:-

ASPSESSIONIDACSSDCCC=APHELKLDMNKNIOJONJACDHFN

Note that last 8 characters in the name of the cookie will vary from one instance of your application to the next. Hence to even discover the cookie you need to enumerate all the cookies looking for any that match the pattern ASPSESSIONIDxxxxxxxx.

I'm not sure what you could usefully do with this cookie once you have acquired it.

Answer 2

Session ID's can be stored in multiple ways on the client but it's the server configuration that specifies the exact way. If possible, cookies will be used. Otherwise, the session ID might be part of the URL or be part of the web page itself as a hidden form variable. Also, session ID's are often created to time out after a while. If a user isn't contacting the server within e.g. 20 minutes, the session expires and a new session would be required.