Application state is used to store data corresponding to all the variables of an ASP.NET Web application. The data in an application state is stored once and read several times. Application state uses the HttpApplicationState class to store and share the data throughout the application. You can access the information stored in an application state by using the HttpApplication class property. Data stored in the application state is accessible to all the pages of the application and is the same for all the users accessing the application. The HttpApplicationState class provides a lock method, which you can use to ensure that only one user is able to access and modify the data of an application at any instant of time.
Each client accessing a Web application maintains a distinct session with the Web server, and there is also some specific information associated with each of these sessions. Session state is defined in the element of the web.config file. It also stores the data specific to a user session in session variables. Different session variables are created for each user session. In addition, session variables can be accessed from any page of the application. When a user accesses a page, a session ID for the user is created. The session ID is transferred between the server and the client over the HTTP protocol using cookies.