Persisting Session Between Different Browser Instances
- by imran_ku07
Introduction: By default inproc session's identifier cookie is saved in browser memory. This cookie is known as non persistent cookie identifier. This simply means that if the user closes his browser then the cookie is immediately removed. On the other hand cookies which stored on the user’s hard drive and can be reused for later visits are called persistent cookies. Persistent cookies are less used than nonpersistent cookies because of security. Simply because nonpersistent cookies makes session hijacking attacks more difficult and more limited. If you are using shared computer then there are lot of chances that your persistent session will be used by other shared members. However this is not always the case, lot of users desired that their session will remain persisted even they open two instances of same browser or when they close and open a new browser. So in this article i will provide a very simple way to persist your session even the browser is closed. Description: Let's create a simple ASP.NET Web Application. In this article i will use Web Form but it also works in MVC. Open Default.aspx.cs and add the following code in Page_Load. protected void Page_Load(object sender, EventArgs e) { if (Session["Message"] != null) Response.Write(Session["Message"].ToString()); Session["Message"] = "Hello, Imran"; } This page simply shows a message if a session exist previously and set the session. Now just run the application, you will just see an empty page on first try. After refreshing the page you will see the Message "Hello, Imran". Now just close the browser and reopen it or just open another browser instance, you will get the exactly same behavior when you run your application first time . Why the session is not persisted between browser instances. The simple reason is non persistent session cookie identifier. The session cookie identifier is not shared between browser instances. Now let's make it persistent. To make your application share session between different browser instances just add the following code in global.asax. protected void Application_PostMapRequestHandler(object sender, EventArgs e) { if (Request.Cookies["ASP.NET_SessionIdTemp"] != null) { if (Request.Cookies["ASP.NET_SessionId"] == null) Request.Cookies.Add(new HttpCookie("ASP.NET_SessionId", Request.Cookies["ASP.NET_SessionIdTemp"].Value)); else Request.Cookies["ASP.NET_SessionId"].Value = Request.Cookies["ASP.NET_SessionIdTemp"].Value; } } protected void Application_PostRequestHandlerExecute(object sender, EventArgs e) { HttpCookie cookie = new HttpCookie("ASP.NET_SessionIdTemp", Session.SessionID); cookie.Expires = DateTime.Now.AddMinutes(Session.Timeout); Response.Cookies.Add(cookie); } This code simply state that during Application_PostRequestHandlerExecute(which is executed after HttpHandler) just add a persistent cookie ASP.NET_SessionIdTemp which contains the value of current user SessionID and sets the timeout to current user session timeout. In Application_PostMapRequestHandler(which is executed just before th session is restored) we just check whether the Request cookie contains ASP.NET_SessionIdTemp. If yes then just add or update ASP.NET_SessionId cookie with ASP.NET_SessionIdTemp. So when a new browser instance is open, then a check will made that if ASP.NET_SessionIdTemp exist then simply add or update ASP.NET_SessionId cookie with ASP.NET_SessionIdTemp. So run your application again, you will get the last closed browser session(if it is not expired). Summary: Persistence session is great way to increase the user usability. But always beware the security before doing this. However there are some cases in which you might need persistence session. In this article i just go through how to do this simply. So hopefully you will again enjoy this simple article too.