HttpApplicationState using IIS

Question

I've been given a task to create a browser-based POS application which is going to be hosted using a Windows IIS server on one PC. Several other PCs and tablets will access the functions of the application by entering the IP of the PC hosting it in their browsers when they are all connected to the same network. The application will be programmed in ASP.NET with C# as the code behind the ASPX pages.
My question is the following: If I use HttpApplicationState (var x = Application["testVariable"];) to store variables, will they be local for each device that connects to the site or will they be accessible by all devices and can be overwritten?

Example:
An iPad connects and logs in as user A. I set the variable Application["userName"] to the string "Nathangrad". Then, a PC connects and logs in as user B. I set the same variable to "OtherUser". Now, if I'm on the iPad and call Application["userName"], would I get "Nathangrad" or "OtherUser"?

Answer 1

HttpApplicationState is a global thing, it is available for all users of an application. From MSDN:

Enables sharing of global information across multiple sessions and requests within an ASP.NET application.

Typical use case for application state is to store something that never, or rarely, changes and does not depend on user at all.

If you actually need to overwrite values, but still want them to be available globally for the whole application, consider using cache System.Runtime.Caching.MemoryCache instead of the application state.

To store user-specific data, you have two options:

1. Session. Again, from MSDN:

ASP.NET session state identifies requests from the same browser during a limited time window as a session, and provides a way to persist variable values for the duration of that session.

Be aware that sessions die shortly after user finishes using the web site, and whatever was stored becomes unavailable.

2. Database persistence. If you are able to identify your users, you can store necessary user-specific data in the database. This approach will work well for authenticated users only.

Answer 2

A quick search on MSDN for the HttpApplicationState class shows the following:

"Enables sharing of global information across multiple sessions and requests within an ASP.NET application."

"A single instance of an HttpApplicationState class is created the first time a client requests any URL resource from within a particular ASP.NET application virtual directory. A separate single instance is created for each ASP.NET application on a Web server. A reference to each instance is then exposed via the intrinsic Application object."