Avatar of IntelligentResponse
IntelligentResponse
Flag for United States of America asked on

Match ASP.NET Profile ID with page request

I understand that the web is stateless, and that state can be maintained between pages using Sessions, which is always on the server and per client. It knows which browser (request) the generated id belongs to because of the use of cookies or url embedding it uses. I understand that the url embedding can be unsafe if encryption is not used with it.

I have read that the anonymous ASP.NET Profile method for maintaining state uses cookies to identify a request coming in from a browser.

So how is an authenticated Profile user's identity matched with each request? Is a cookie or url embedding method used here as well?
C#.NET ProgrammingWeb Development

Avatar of undefined
Last Comment
IntelligentResponse

8/22/2022 - Mon
SOLUTION
Paul MacDonald

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
IntelligentResponse

ASKER
I have an understanding of all of what you mention, but am not sure how Profile State management works when it comes to identifying each page request. The focus is on each page request with respect to Profile state management and how they do it.

Most articles I've come across seem to imply that Profile Properties somehow magically know which browser has made the request, so they tend to skip the explanation of how this actually happens.

Each web page is independent, so the only way Profile Properties know which browser sent any page is by using a mechanism like cookies, url embedding, or some form of browser caching or similar.

Simply put, how does the Profile state management system know which page request belongs to its unique ID?

With Session State they use cookies and url embedding, what is used with Profile State?
SOLUTION
Paul MacDonald

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
IntelligentResponse

ASKER
So does Profile State management depend on Session State, or are you referring to different things when you mention "session" and "Session State".

Is it correct to say that a session's data is server-side only? If so, how does it communicate with a browser so it can connect the correct session data with the correct browser?
ASKER CERTIFIED SOLUTION
Paul MacDonald

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
IntelligentResponse

ASKER
When a client makes its initial request to the server, the server generates a Session ID and passes that back to the client.  The client sends the Session ID with every subsequent request so the server knows which session/client is making the request.

Many articles call this an in-memory cookie that is deleted when the browser closes, so I think I was referring to this when I mentioned cookie. I probably should have called it in-memory cookies, however, as far as I know, url embedding is used in cookieless sessions, but again, perhaps my terminology is incorrect.

Yes, for the purpose of this discussion.
This tells me that you don't really believe that Sessions are always used with Profile State, or am I getting it wrong?
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Paul MacDonald

"This tells me that you don't really believe that Sessions are always used with Profile State, or am I getting it wrong?"
Profile information is loaded into a Session when requested so the Profile information can follow the client's requests - which is what you seem to be asking about.  Technically, Profile information can exist without a Session (just by being in a database - but the information is not useful there).  I'm not trying to be coy, just precise.

Sessions do not equal cookies, regardless of what you may have read.  Here's some information on Sessions and IIS:
http://msdn.microsoft.com/en-us/library/ms178586(v=vs.80).aspx
IntelligentResponse

ASKER
Yes, I can see now that technically Profile data don't need Sessions, and Sessions don't always need cookies, but it is the web request / response process and the stateless nature of the web that requires a means of always knowing the logged on status of a specific web page request across web requests.

So, just to clarify your comment,
the server generates a Session ID and passes that back to the client
, where in the client is the Session ID stored?
SOLUTION
Paul MacDonald

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
IntelligentResponse

ASKER
Thanks, this has been helpful and informative.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Paul MacDonald

Happy to help.
IntelligentResponse

ASKER
Thanks for your patience, and taking the time to correct my terminology.