ASP.Net SessionState using SQL Server - is the data encrypted?

Question

When using Sql Server to store and manage the SessionState, is the session data stored in the database using encryption?

When I look at the data in the ASPNet datab

Answer 1

I had this problem recently, and had to deconstruct stored state to investigate a performance issue; the rough code was something like:

byte[] blob = ... // TODO
using (var ms = new MemoryStream(blob))
using (BinaryReader reader = new BinaryReader(ms)) {
    int len = reader.ReadInt32();
    bool f1 = reader.ReadBoolean(), f2 = reader.ReadBoolean();
    SessionStateItemCollection items = null;
    HttpStaticObjectsCollection sitems = null;
    if (f1) {
        items = SessionStateItemCollection.Deserialize(reader);
    }
    if (f2) {
        sitems = HttpStaticObjectsCollection.Deserialize(reader);
    }
    if (reader.ReadByte() != 0xFF) {
        throw new InvalidOperationException("corrupt");
    }
    if (items != null) {
        int max = items.Count;
        for (int i = 0; i < max; i++) {
            object obj = items[i];
            Console.WriteLine("{0}\t{1}", items.Keys[i],
                obj == null ? "n/a" : obj.GetType().FullName);
        }
    }
}