Controlling Session State
Microsoft ASP.NET provides a HttpSessionState object that you can use to save information about a user session across multiple requests. The ASP.NET session management feature is scalable and robust, and you can use it across Web farms.
By default, the ASP.NET session object uses a client-side cookie to store an identifier. This identifier is used to locate the session across server round trips. However, ASP.NET also supports a cookieless session mode that initially redirects the client to a new URL containing the session ID, and then automatically parses the session ID out of the URL.
For ASP.NET mobile Web pages that use session state, you must consider the following factors:
Some mobile devices and gateways do not support cookies. In those cases, the Web server must have session management set to cookieless mode.
Some mobile devices have problems handling relative URLs after they have been redirected by cookieless session management.
Some mobile devices do not support cookies, so you must find alternative techniques for scenarios that require persistent state. For example, if a user logs on to a page, the application could assign a logon ID that is used for the remainder of the session. Typically, you use a cookie for this form of authentication, which is called cookie-based authentication. However, cookie-based authentication is not an option for devices that do not support cookies. Instead, you must rely on another state-management mechanism.
One alternative is to use session state. Because you can configure session state to work without cookies, the user can keep the ID in session state. However, a disadvantage of this technique is that the information expires with the session. Another disadvantage is that this technique always requires session state be used.
ASP.NET mobile Web pages do not include a mobile control for writing out hidden variables. Instead, the form provides a collection called HiddenVariables within the MobilePage class. All name/value pairs stored in this collection are persisted as hidden variables. The HiddenVariables collection is automatically repopulated with these hidden variables when the form is submitted.
This alternative uses hidden variables on a page. Hidden variables are automatically resubmitted as part of a form submission, whether the submission is to the same page or to another page.