Home/ Questions/Q 230411
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T19:50:49+00:00

When using Sql Server to store and manage the SessionState, is the session data

  • 0

When using Sql Server to store and manage the SessionState, is the session data stored in the database using encryption?

When I look at the data in the ASPNet database, the data in the “SessionItemLong” in the ASPStateTempSessions columns appears to be hexadecimal data. Is this data being encrypted before being stored in the database? And if so, where is the key that is being used to encrypt the data and what algorithm is being used to encrypt the data?

Also, the Session state stores the object using serialization. Which serialization is used? (binary or XML)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are no encryption there. The data is stored using binary serialization (it’s much more faster than xml one). For details look at the SessionStateUtility class (you can browse it using free Reflector). This is the code which is used for serialization: 

    internal static void Serialize(SessionStateStoreData item, Stream stream)
{
    bool flag = true;
    bool flag2 = true;
    BinaryWriter writer = new BinaryWriter(stream);
    writer.Write(item.Timeout);
    if ((item.Items == null) || (item.Items.Count == 0))
    {
        flag = false;
    }
    writer.Write(flag);
    if ((item.StaticObjects == null) || item.StaticObjects.NeverAccessed)
    {
        flag2 = false;
    }
    writer.Write(flag2);
    if (flag)
    {
        ((SessionStateItemCollection) item.Items).Serialize(writer);
    }
    if (flag2)
    {
        item.StaticObjects.Serialize(writer);
    }
    writer.Write((byte) 0xff);
}
    • 0