Session object in ASP are there to store user specific information. In most cases sessions are used to maintain state as the user navigates through different pages. Some data we can pass by using query string, web forms and cookies but session variables has distinctive role than other ways while carrying data to different pages.
Say we want to carry the member login status to different pages and with this information the member can enter to members only pages. Here the session variables are stored at server side ( not at client side ) and it is connected to user browser. As long as the browser window is in contact with server, session details will be available and if there is no interaction from user end within a specific time the sessions variables will be destroyed. The user also can end or abandon the session. Let us learn some details about session object here.
Session ID is the unique link between browser and the server. Once the session is created a session ID is generated which is a unique number and it is kept at user end ( client browser ) using cookies. Server keeps all the variables corresponding to this session ID at server side. Each time browser moves to different pages it submit session ID to server and server after matching returns all the session variables associated with this session ID. This session ID is also used in many cases to identify and keep track of user activity. For example in a shopping cart script we can keep all the purchases done by the visitor in a temporary table with a unique field storing the session ID. Based on this session ID what are the purchases and the total quantity, packets etc can be calculated at the checkout time. Session ID is the best way to maintain unique link with the server as many other visitors will be using the same site and doing purchasing at the same time. Here Session ID acts like the visitors unique shopping cart. Here is an example on how to get browser session ID
When we should not use Session
Sessions are used to store user specific information so it should not be used to store global information. For example there is an announcement for all the members that site member area will not be available during a particular period due to schedule maintenance. This message is for all so we should not use session to store this message. In another case we are using a membership system where user login id is to be available inside other pages, here details are user specific so they are to be stored using session
Load on Server
All session variables are stored at server end. So each session of the visitor adds load to the server resources as server has to maintain the session variables. Say for example we are using ten variables for each session of the visitor. Now at a moment if one thousand visitors logs in to the server then total session variables will be 10 x 1000. Imagine if the site became more popular and with growing visitor load on server also will go up. So only user specific requirements are to be kept in session and special care is to be taken up for high traffic sites.
This is the biggest advantage of using session. As the data reside at server side so it remains secure irrespective of user browser environment. Some cases like user authentication results, passwords etc are kept in sessions only as users are expected to use different computers at different locations so they can't be left at client side. Query string data gets easily exposed by checking the history of the browser.
Amount of Data
Better not to load the server with more session data as it drains the server resources. This is important particularly for high traffic sites. Now temporary tables are available in databases which are fast and maintain overall small size for database.
We will learn more on session start, session variable and session time out.