原文地址:http://www.c-sharpcorner.com/UploadFile/deepak.sharma00/using-cookie-less-session-in-Asp-Net/
How to Cookie-less Session
By default a session uses a cookie in the background. To enable a cookie-less session, we need to change some configuration in the Web.Config file. Follow these steps:
- Open Web.Config file
- Add a <sessionState> tag under <system.web> tag
- Add an attribute "cookieless" in the <sessionState> tag and set its value to "AutoDetect" like below:
<sessionState cookieless="AutoDetect" regenerateExpiredSessionId="true"/>
The possible values for "cookieless" attribute are:
- AutoDetect : Session uses background cookie if cookies are enabled. If cookies are disabled, then the URL is used to store session information.
- UseCookie: Session always use background cookie. This is default.
- UseDeviceProfile: Session uses background cookie if browser supports cookies else URL is used.
- UseUri: Session always use URL.
"regenerateExpiredSessionId" is used to ensure that if a cookieless url is expired a new new url is created with a new session. And if the same cookieless url is being used by multiple users an the same time, they all get a new regenerated session url.
We have configured our "Web.config" file to enable cookieless session. Now, its time to test it.