Where the session is stored ?



<sessionState  mode =”InProc” cookieless=”False” timeout=”20”/>

By default Cookieless is set to false – so the session Id is stored in Cookies so as long as user navigating the page you can get the session from cookies.

If you set the cookieless =”True” the session id is stored on the browser url before the file name

Ex: http://yourserver/folder/(sessionid)/default.aspx

Drawback is if the user working on the site it has assigned some sessionId on the url  , by giving the different url on Address bar and do some process once the user type same url at that time it will give different sessionid, the previous session will be lost and lost all of previous state.

Default timeout for session is 20 Mins.

Default timeout for Form authentication 30 Mins.