As a web developer, you might know that HTTP is a stateless protocol, which means that, by default, there is not a notion of sessions as such. Each request is handled independently and no values are retained between different requests.
Nonetheless, there are different methods for working with data. You can work with query strings, submit form data, or you can use cookies to store data on the client. However, all of those mechanisms are more or less manual and need to be managed by yourself.
If you are an experienced ASP.NET developer, you will be familiar with the concepts of session state and session variables. Those variables are stored on the web server and you can access them during different user requests so that you have a central place to store and receive data. Session state is ideal for storing user data specific to a session, without the need for permanent persistence.
Also, a session might not be restricted to a single user, so other users might continue with the same session, which could cause security risks.
ASP.NET Core 3 provides session state and session variables by using a dedicated session middleware. Basically, there are two distinct types of session providers:
- In-memory session providers (locally to a single server)
- Distributed session providers (shared between multiple servers)