Session & State Management in ASP.NET Core
๐ก Concept Name
Session & State Management
๐ Quick Intro
ASP.NET Core provides several techniques to manage user state and data between requests โ like Session, Cookies, TempData, and ViewData. These tools help retain data across requests and redirect, making the web feel more stateful.
๐ง Analogy / Short Story
Imagine visiting a hotel and getting a room key (cookie). The receptionist uses that key to retrieve your preferences (session data) every time. Temporary notes for the day (TempData) are written on a whiteboard and erased once read. ViewData/ViewBag are like notes passed between functions.
๐ง Technical Explanation
ASP.NET Core is stateless by default. For persisting user data:
- ViewData/ViewBag: Used within the same request.
- TempData: Persists across one redirect.
- Cookies: Stored on client-side, persists until expiry.
- Session: Stored on server; requires `AddSession()` and `UseSession()`.
๐ฏ Purpose & Use Case
- โ Retain user data across multiple HTTP requests
- โ Maintain login state or shopping cart values
- โ Handle temporary messages after redirects
- โ Store user preferences or roles
- โ Secure and scalable user-specific state
๐ป Real Code Example
// Startup.cs - Enable Session
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession();
app.UseSession();
// Controller - Set/Get Session
public IActionResult SetSession()
{
HttpContext.Session.SetString("UserName", "Rishu");
return Ok();
}
public IActionResult GetSession()
{
var user = HttpContext.Session.GetString("UserName");
return Content($"Hello, {user}");
}
โ Interview Q&A
Q1: Is ASP.NET Core stateful?
A: No, it's stateless by design.
Q2: How do you enable session in ASP.NET Core?
A: Use `AddSession()` and `UseSession()` in Startup.
Q3: Where is Session data stored?
A: On the server-side (memory, Redis, etc.)
Q4: What is the difference between TempData and ViewData?
A: TempData persists after redirect, ViewData is for the same request.
Q5: Can Session survive server restart?
A: No, unless using persistent storage like Redis.
Q6: What format does Session store data?
A: Byte array; use helper methods like `SetString()` and `GetString()`.
Q7: Is session secure?
A: Depends on configuration and transport; HTTPS and secure cookies are recommended.
Q8: Can we share session between apps?
A: Only if using a shared distributed store like Redis.
Q9: Is TempData suitable for large data?
A: No, only for small, temporary values.
Q10: When is ViewBag used?
A: For passing data between Controller and View during one request.
๐ MCQs
Q1. Which method stores a string in session?
- SetValue
- SetData
- SetString
- SetSession
Q2. Where is TempData stored?
- Database
- Client
- TempDataProvider (usually session)
- Memory only
Q3. Which persists longer?
- TempData
- ViewBag
- Cookies
- ViewData
Q4. How to enable session in middleware?
- app.AddSession()
- app.UseSession()
- app.EnableSession()
- app.ConfigureSession()
Q5. Which is valid for passing data to View?
- Session
- Cookies
- Redis
- ViewBag
Q6. What is the default session timeout?
- 5 minutes
- 10 minutes
- 20 minutes
- 60 minutes
Q7. Which is stored client-side?
- ViewData
- Session
- TempData
- Cookies
Q8. Which can be accessed only once?
- Session
- TempData
- Cookies
- ViewBag
Q9. Which allows redirect+data passing?
- ViewBag
- Cookies
- TempData
- Session
Q10. Which session method gets a string?
- GetData
- Get
- GetString
- FetchString
๐ก Bonus Insight
Avoid using Session for storing sensitive data or large objects. Prefer distributed cache when scaling across multiple servers. Use TempData only for post-redirect messages.
๐ PDF Download
Need a handy summary for your notes? Download this topic as a PDF!