I am confused about ASP or ASP.Net session lifetime (or life cycle) concepts. More specifically, my confusions are:
A session starts because the request does not contain a session cookie, or the session cookie it does contain no longer maps to a session. A session ends when: a) it has sat idle with no further requests referencing it for the timeout period; b) it's deliberately aborted by code; c) an in-process session dies when the process does, e.g. when the app is recycled.
Different ways to change the timeout are basically modifying the web.config anyway, or a config file from which the value is inherited.
Not unless the session object is deliberately placed by code somewhere that another session can access it.
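
The lifecycle described in the answers above, as an added C# sketch that is not code from the original thread. The class names Global and SessionLifecycle, the "StartedUtc" key and the 20-minute value are assumptions; the cookie name is the ASP.NET default.

```csharp
using System;
using System.Diagnostics;
using System.Web;

// Hypothetical Global.asax code-behind for a classic ASP.NET application.
// Idle timeout comes from web.config (value in minutes), for example:
//   <system.web><sessionState mode="InProc" timeout="20" /></system.web>
public class Global : HttpApplication
{
    // Runs when a request carries no session cookie, or a cookie whose
    // ID no longer maps to a live session.
    protected void Session_Start(object sender, EventArgs e)
    {
        Session["StartedUtc"] = DateTime.UtcNow;
    }

    // Runs after the idle timeout elapses or after Session.Abandon().
    // ASP.NET raises this event only when sessionState mode is InProc.
    protected void Session_End(object sender, EventArgs e)
    {
        // There is no current request here, so use the Session property,
        // not HttpContext.Current.
        Trace.WriteLine("Session " + Session.SessionID +
                        " ended; started " + Session["StartedUtc"]);
    }
}

public static class SessionLifecycle
{
    // Deliberate termination by code, e.g. from a logout handler.
    public static void End(HttpContext context)
    {
        context.Session.Clear();    // drop stored values now
        context.Session.Abandon();  // session is destroyed when the request ends

        // Expire the session cookie so the browser stops presenting the
        // old ID. "ASP.NET_SessionId" is the default cookie name.
        var expired = new HttpCookie("ASP.NET_SessionId", string.Empty)
        {
            Expires = DateTime.UtcNow.AddDays(-1),
            HttpOnly = true
        };
        context.Response.Cookies.Add(expired);
    }
}
```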