Session is
not mendatory for login page. If you use
Forms Authentication[
^],then there wont be any need to generate session.
:doh:
[Edit]:
Login page without session[
^]
Session is stored on server side. It have its own Adv. and disadv.
Advantages:
-It helps maintain user state and data all over the application.
-It is easy to implement and we can store any kind of object.
-Stores client data separately.
-Session is secure and transparent from the user.
Disadvantages:
-Performance overhead in case of large volumes of data/user, because
session data is stored in server memory.
-Overhead involved in serializing and de-serializing session data, because in the case of StateServer and SQLServer session modes, we need to -Serialize the objects before storing them.
Further,session also have expiration behaviour,so you also have to take care of that.
Whereas,in forms authentication,on successful login,ticket will be generated and each time page postsback,this ticket will be verified to ensure the authorised user.
Feel free to ask if you still have any doubts.
Regards.. :laugh: