Session





3.00/5 (2 votes)
ASP.NET Session state provides a place to store values that will persist across page requests. Values stored in Session are stored on the server
ASP.NET Session state provides a place to store values that will persist across page requests. Values stored in Session are stored on the server and will remain in memory until they are explicitly removed or until the Session expires.
State management using session is one of the best ASP.NET features, because it is secure, transparent from users, and we can store any kind of object in it. Along with these advantages, sometimes session can cause performance issues in high traffic sites because it is stored in server memory and clients read data from the server.
Storing and retrieving a value in the Session
is as simple as:
VB:
'Storing Name in Session Session("Name") = "John Doe" 'Or Session.Add("Name","John Doe") 'retrieving string Dim Name As String = Session("Name")
C#:
//Storing Name in Session Session["Name"] = "John Doe" // Or Session.Add("Name","John Doe"); //retrieving string Name = (string)Session["Name"];
By default, the Session will be created within the same process that your web site runs in (InProc
). This is controlled by a setting in the web.config file:
<sessionState mode="InProc" />
Although running the Session In Process is very convenient, it does mean that all Session values will be lost whenever the application recycles (such as when deploying updates). There are alternate modes you can use that will allow the Session state to survive even when the application recycles. The available options are:
Off
- No session state will be storedInProc
- (The Default) Session state exists within the process the web is usingStateServer
- Session data is sent to the configured stateserver serviceSQLServer
- Session data is store in the configured SQL Server database
Both the StateServer
mode and the SQLServer
mode allow Session state to survive an application recycle. But, when storing reference type objects (such as class instances), they can only be stored to StateServer
or SQLServer
if they have been marked with the Serializable attribute.
There are certain events in Global.asax file associated with Session
, Session_Start
and Session_End
.
The Session_End
event only fires in InProc
, it does not support session management implemented with OutProc
.
An important consideration for using Session
state is that the Session does expire. By default, if a user does not access their Session data within 20 minutes (by default), the Session will expire and all items that had been stored in the Session will be discarded. Because of this, it is important to check the object that is returned from the Session to see if it exists or if it is null
before you try to work with it. For example:
object sessionObject = Session["someObject"]; if (sessionObject != null) { myLabel.Text = sessionObject.ToString(); }
The Session Timeout is adjustable through a web.config setting but increasing the timeout value can put memory pressure on your server that may be undesirable.
<sessionState timeout="number of minutes" />
Other commonly used Session
methods are:
Session.Abandon()
- removes theSession
and all items that it containsSession.Clear()
- removes all items from theSession
Session.RemoveAll()
- removes all items from theSession
Session.Remove("itemName")
- removes the item that was stored under the name "itemName
"
How To
- ASP.NET Session State Overview - Start here with this excellent MSDN Documentation
- Using Session and Application Objects in ASP.NET
- Selecting the Method for Maintaining and Storing ASP.NET Session State
- Taming the Stateless Beast: Managing Session State Across Servers on a Web Farm
- ASP.NET Session State FAQ - From Peter Bromberg: "Below is a quick summary of the different modes of session state, followed by a list of FAQ's, compiled from several sources, including my own "discoveries"
- How to use ASP.NET session state SQL Server Mode in a failover cluster - "This article describes the information that you must have to configure a Web server cluster to use the SQL session state that runs in a failover cluster."
Whitepapers/Blogs
- State Management - Good blogged overview of the decision-making process, advantages and disadvantages of storing state in various places.
- State Management and ASP.NET - A good basic white paper enumerating your various options for state management.
KB: ASP.NET State Management Overview - A dry but fairly thorough KB article on session state. - Microsoft ASP.NET 2.0 Providers: Introduction and Session State Providers - "Session state providers provide the interface between Microsoft ASP.NET's session state module and session state data sources." The MSDN documentation is a good place to start if you plan on writing your own, or if you just want to understand one of the existing providers.
- This is a short section in MSDN that offers insight into a couple of obscure details that might be of interest.
- Fast, Scalable, And Secure Session State Management For Your Web Applications - An excellent article from MSDN magazine on the ASP.NET session state architecture.
- Architectural And Performance Considerations - A very thoughtful blog post that can help you decide which session provider to use.
- Exploring Session in ASP.Net - Code Project: This article describes about session in ASP.NET 2.0. Different Types of Session, their configuration. Also describes Session on Web Farm, Load balancer, web garden, etc.
Enjoy!