ASP.NET's AspStateTempSessions table

Using SqlServer session state provider with ASP.NET.

From : ,
the ASPStateTempSessions table’s SessionId column is made up of :
“Session Id” + “Application Id”.

  • How to handle a nullable foreign key field in Entity Framework?
  • How i can perform skip and take functions in SQL
  • How to optimize the sql query
  • How to make string auto increment
  • Quickly generate ascii text sql scripts based off of sql 2008 database
  • Converting nvarchar(4000) to nvarchar(max)
  • My question is, wouldn’t “Session Id” be enough to make this column unique ? If so, is adding the “Application Id” just some additional security to make sure sessions can’t be accessed across application boundaries ?

    I’m just trying to understand session ids (the 24 character ones) a bit better.

    EDIT : sorry, I should clarify. Assume that for all of the applications on the domain, the ASP.NET sessionState cookieName is explicitly set to a unique value for each application.

    e.g :

    for app 1 :  <sessionState mode="SQLServer" ... cookieName="ASP.NET_SessionId_App1" > .. 
    for app 2 : <sessionState mode="SQLServer" ... cookieName="ASP.NET_SessionId_App2" > ..

    (I’m thinking this will make each app use a different session ID ?).

  • How to get the client IP address from SQL Server 2008 itself?
  • List SQL Server instances in ASP.NET
  • Check SQL trace log
  • Error: Input string was not in a correct format - ASP.Net
  • what's the issue with AttachDbFilename
  • “The connection string specifies a local Sql Server Express instance”, Except it Doesn't
  • 2 Solutions collect form web for “ASP.NET's AspStateTempSessions table”

    If you are looking at a single application, yes – Session Id would be enough to make the column unique. However – the database schema is designed to support multiple applications in one Database. The application ID makes it unique when there are multiple records. It has nothing to do with Security.

    ASP.NET Sql Server Session State Provider database schema is designed to support multiple web applications i.e. you can have same sql server database backing up sessions from multiple web sites.

    MS SQL Server is a Microsoft SQL Database product, include sql server standard, sql server management studio, sql server express and so on.