A crucial component of web programming is keeping state across several queries. Because HTTP is stateless, developers must put in place ways to store user data. Sessions are useful in this situation. This post will explain sessions, explain how they function in.NET, and offer real-world examples to demonstrate how to use them.

A session: what is it?
A session is a type of server-side data storage that allows data to be maintained between requests made by the same user. Web applications depend on sessions to save many state variables, including user preferences, shopping cart contents, and authentication status. A distinct session ID is assigned to each session, forwarded to the client, and returned with each new request.

How Sessions Work in .NET

• Session Initialization: When a user accesses a web application for the first time, a new session is created, and a unique session ID is generated. This ID is stored in a cookie on the client side.
• Data Storage: The session object is used to store data on the server side, tied to the session ID.
• Subsequent Requests: The client sends the session ID back to the server with each request. The server retrieves the session data using this ID.
• Session Termination: Sessions can be terminated explicitly by the application, or they can expire after a period of inactivity.

Enabling and Using Sessions in ASP.NET Core
To use sessions in an ASP.NET Core application, you need to configure the session middleware. Here’s a step-by-step guide:
Step 1. Configure session state
Middleware for managing session state is included in the framework. To enable the session middleware, Program.cs must contain:

• Any of the IDistributedCache memory caches. The IDistributedCache implementation is used as a backing store for the session. For more information, see Distributed Caching in ASP.NET Core.
• A call to AddSession
• A call to UseSession

The following code shows how to set up the in-memory session provider with a default in-memory implementation of IDistributedCache:
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromSeconds(10);
    options.Cookie.HttpOnly = true;
    options.Cookie.IsEssential = true;
});
app.UseSession();

The preceding code sets a short timeout to simplify testing.
The order of middleware is important. Call UseSession after UseRouting and before MapRazorPages and MapDefaultControllerRoute. See Middleware Ordering.

HttpContext.Session is available after the session state is configured.

HttpContext.The session can't be accessed before UseSession has been called.

A new session with a new session cookie can't be created after the app has begun writing to the response stream. The exception is recorded in the web server log and not displayed in the browser.

Step 2. Set and Get Session Data
The following example shows how to set and get an integer and a string:
public class IndexModel : PageModel
{
    public const string SessionKeyName = "_Name";
    public const string SessionKeyAge = "_Age";
    private readonly ILogger<IndexModel> _logger;
    public IndexModel(ILogger<IndexModel> logger)
    {
        _logger = logger;
    }
    public void OnGet()
    {
        if (string.IsNullOrEmpty(HttpContext.Session.GetString(SessionKeyName)))
        {
            HttpContext.Session.SetString(SessionKeyName, "The Doctor");
            HttpContext.Session.SetInt32(SessionKeyAge, 73);
        }
        var name = HttpContext.Session.GetString(SessionKeyName);
        var age = HttpContext.Session.GetInt32(SessionKeyAge).ToString();
        _logger.LogInformation("Session Name: {Name}", name);
        _logger.LogInformation("Session Age: {Age}", age);
    }
}

The following example retrieves the session value for the IndexModel.SessionKeyName key (_Name in the sample app) in a Razor Pages page:
@page
@using Microsoft.AspNetCore.Http
@model IndexModel
...
Name: @HttpContext.Session.GetString(IndexModel.SessionKeyName)

Serialize objects data
All session data must be serialized to enable a distributed cache scenario, even when using the in-memory cache. String and integer serializers are provided by the extension methods of ISession. Complex types must be serialized by the user using another mechanism, such as JSON.

Use the following sample code to serialize objects:
public static class SessionExtensions
{
    public static void Set<T>(this ISession session, string key, T value)
    {
        session.SetString(key, JsonSerializer.Serialize(value));
    }

    public static T? Get<T>(this ISession session, string key)
    {
        var value = session.GetString(key);
        return value == null ? default : JsonSerializer.Deserialize<T>(value);
    }
}

Benefits of Using Sessions

• State Management: Sessions help maintain the state across multiple requests, which is essential for features like user authentication and shopping carts.
• Security: Data stored in sessions is kept on the server, reducing the risk of client-side manipulation.
• Convenience: Sessions simplify the development of stateful web applications by providing an easy way to store and retrieve user-specific data.

Conclusion
One of.NET's most useful features for handling state in web applications is sessions. They offer a practical and safe means of storing user-specific information for usage in response to various requests. You may improve user experience and keep a smooth user interface during the user's visit to your web application by using sessions correctly. By successfully utilizing and comprehending sessions, you can create powerful, stateful online applications that enhance user experience. Sessions are an essential tool in the toolbox of any web developer, whether they are using distributed cache storage for scalability or in-memory storage for simplicity.