Session vs Cookie performance for Authentication

[webdevaccount]

Hi,

I am trying to deceive whether I should use Asp.net 2.0's
FormAuthentication (cookie) or the Session object to store the login
ID of a given user.

Question 1: Assuming that the app will only run on a single server
(not a web farm), which option would perform better (in terms of
execution speed)?

Question 2: If I were to use a cookie, how would I be able to get the
number of users that are currently logged in?
(without using a session)


Thank you for your time and advice.

Regards,

Charles.

 

[=?ISO-8859-1?Q?G=F6ran_Andersson?=]

Hi,

I am trying to deceive whether I should use Asp.net 2.0's
FormAuthentication (cookie) or the Session object to store the login
ID of a given user.

Question 1: Assuming that the app will only run on a single server
(not a web farm), which option would perform better (in terms of
execution speed)?

That depends on if you are storing any other session variables or not.

If there are no session variables in the sesion object, the server
doesn't need to keep the session object in memory. It can just recreate
the session object when the user returns. This reduces the memory load
on the server.

If you are using session varaibles anyway, the difference in performance
would be very small.

If you aren't using any other session variables, you would get a
slightly better performance using cookies. It would only really make a
difference if you have a large number of visitors, though.

Question 2: If I were to use a cookie, how would I be able to get the
number of users that are currently logged in?
(without using a session)

You would have to keep track of every user and their last contact with
the server, so that you could remove the users from the count when you
consider them to have timed out.