Like most websites, the NAMRS Pilot used session data to store data between requests for a particular user during a login session. NAMRS used very little session data--only a couple of items such as the state ID and state name.
There were various ways to store session data. NAMRS used Azure Redis Cache to store its session data. This is a best practice when using SQL Azure. The NAMRS Pilot had been migrated from SQL Azure onto a VM running SQL Server and still used Redis for maximum portability.
Redis is an industry standard, open-source caching service. The website used a standard Redis Session Provider that plugged into the ASP.Net Provider Framework. This meant that there were no code changes if the session provider was changed. It would be very simple to switch from Redis session state to SQL session state, to even in-memory session state. (And this had all been tested--it is purely configuration without any code changes.)
The NAMRS Pilot Session Cache was accessed by the NAMRS Pilot Website.
The NAMRS Pilot Session Cache was a service--it did not access any components in the NAMRS Pilot.
Redis security was controlled through a host, port, and secret access key. The access key was almost 50 random characters long and it was unlikely that someone would guess the key.
Data were always encrypted as it moved across the network inside the Azure Cloud between the web server and the Azure Redis service.