Good day, citizens! I am working with ASP.NET. It has an object representing the user's current session; information of any kind can be stored in it and retrieved by key (in short, something like a Dictionary). But is it safe to do this? Can a user intercept the information stored there? And, if so, what are the analogues?
1 answer
The browser does not hold the contents of the session itself. Only the session identifier is transmitted to the user, and it is stored in a cookie. Each user can safely view and change their cookies.
Is it safe? Of course not, but it is safer than cookies. Everything that is transferred from the server to the user, or to the server, can be intercepted; or, even easier, the user can, for example, copy the session identifier and pass it to another person.
The main difference between sessions and cookies is that when sessions are used, all information is stored on the server, and the client only has an identifier. With cookies, all the information is stored on the client.
Sessions are also stored for a certain amount of time, which is configured on the web server. For example, if there has been no request for 20 minutes, the session is automatically deleted.
Sessions support objects of any type, including custom data types created by the developer. Session management is not part of the HTTP standard. Therefore, in order to track session information and bind it to the corresponding ASP.NET response, additional work has to be done. To track a session, a unique 120-bit identifier is used, which is generated by a patented algorithm. This identifier is the only piece of information that is transmitted between the web server and the client.
You can also choose where to store session objects. This can be an object in memory, tables in a database with the special name ASPState, or a Windows service.
Detailed information on sessions, how to use them, how to set them up and how to choose a storage method can be found on ProfessorWeb.
- Thank you so much for the detailed answer! Now I know the difference between the session and the cookie! - Kir_Antipov
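The settings the answer mentions (idle timeout, storage location, identifier carried in a cookie), shown as an added example that is not part of the original answer: a `web.config` fragment for classic ASP.NET (System.Web). The values are illustrative assumptions, and the site is assumed to be served over HTTPS only.

```xml
<!-- Added example, not from the original answer. Values are illustrative. -->
<configuration>
  <system.web>
    <!--
      Weak variant, kept commented out for comparison:
      cookieless="UseUri" places the session identifier in the URL, where it
      is recorded in browser history, proxy logs and Referer headers, and is
      trivially shared when a user copies a link.

      <sessionState mode="InProc" cookieless="UseUri" timeout="20" />
    -->

    <!--
      mode       : where session objects live on the server.
                   InProc      = memory of the web application process
                   StateServer = the ASP.NET State Service (Windows service)
                   SQLServer   = tables in the ASPState database
      cookieless : UseCookies keeps the identifier out of the URL.
      timeout    : idle time in minutes before the session is discarded.
    -->
    <sessionState mode="InProc"
                  cookieless="UseCookies"
                  timeout="20" />

    <!--
      requireSSL      : cookies, including the session identifier cookie, are
                        sent only over HTTPS, so the identifier cannot be read
                        from plain HTTP traffic.
      httpOnlyCookies : cookies are not readable from page JavaScript.
    -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
</configuration>
```

These settings limit how the identifier can leak in transit or through script; they do not stop a user from copying their own identifier, so sensitive actions still need server-side authorization checks.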