I know that cookies are messages passed back and forth between client and server that the server uses to associate a particular user to a session, and that a session is a store on the server that contains data that the server uses to restore the state of pages between get requests.
But implementing this functionality is a bit tricker than I imagined. Consider the following event handler procedure, which throws an ArgumentOutOfRangeException when the button is clicked:
Not even a single cookie. And note that Response.Cookies[0] would have caused the same exception.Code:protected void Button1_Click(object sender, EventArgs e) { Response.Write(this.Request.Cookies[0].Value + "<br/>");//ArgumentOutOfRangeException }
Now consider the following sample code, which is pretty much the same as the previous code but with an extra line of code:
The simple act of accessing the SessionID property of the HttpSessionState object returned by the Page's Session property fixes the problem. Now the HttpCookieCollection object returned by the HttpRequest's (or HttpResponse's) Cookies property has at least one element.Code:protected void Button1_Click(object sender, EventArgs e) { Response.Write(this.Session.SessionID + "<br/>"); Response.Write(this.Request.Cookies[0].Value + "<br/>"); }
Each time we click on the button we should see something like this on the page, and each time it would be a new sessionID:
cvbuioycvbouiyuisriieerhk
cvbuioycvbouiyuisriieerhk
I interpret this to mean that some code inside HttpSessionState's SessionID's get accessor adds a key/value pair to the HttpCookieCollections associated with the HttpRequest and HttpResponse objects. Who would have thought it?
This would also have worked fine:
And now, if we want to make the session ID remain the same between postbacks, the following line code appears to solve that problem:Code:protected void Button1_Click(object sender, EventArgs e) { Response.Write(this.Session.SessionID + "<br/>"); Response.Write(this.Response.Cookies[0].Value + "<br/>"); }
In other words, saving something to the HttpSessionState collection is all we need to do in order to make the SessionID be persisted between requests. Who would have thought it?Code:protected void Button1_Click(object sender, EventArgs e) { Session["..."] = ""; Response.Write(this.Session.SessionID + "<br/>"); Response.Write(this.Request.Cookies[0].Value + "<br/>"); }
But that's not all. Had we had this code, there would have been another ArgumentOutOfRangeException:
However, if we remove the line of code that adds a value to the HttpSessionState collection, then Response.Cookies[0] gets populated with a new sessionID and the code runs fine.Code:protected void Button1_Click(object sender, EventArgs e) { Session["..."] = ""; Response.Write(this.Session.SessionID + "<br/>"); Response.Write(this.Response.Cookies[0].Value + "<br/>");//ArgumentOutOfRangeException }
The bottom line is that I don't find any of this logic overly obvious and to be honest I feel like I'm wasting my time trying to learn all this through trial and error.
Can someone help me make sense of all the code above and perhaps point me toward a resource where the rationale behind all this logic is clearly explained?
