ASP.NET Server Side State Management – Session State

June 28, 2008

2 comments

ASP.NET Server Side State Management – Session State

In this post I’ll introduce the session state technique. Session State
You can read my previous posts in the state management subject in
the following links:

What is session state?
The session state is a global storage mechanism that is
accessible from all the web pages that were requested by a
single web browser session. The storage is perfect for storing specific
information that is connected to a specific user. That means that every
user of the web application will have a separate session state.
The session has a timeout period and after the timeout the session data
is lost and a new session will be created for the user. The timeout occurs
when the user is no longer active for a period of time. Like the application 
state, the session storage is implemented as a key/value dictionary which is
represented by an instance of the HttpSessionState object.
The session is used for the following scenarios:

  • Uniquely identify a client requests and therefore you can track
    users by the their sessions. 
  • Raise session management events. The Global.asax file has
    session management events like Session_Start that helps to do
    useful things regarding the session events (for example – counting how
    many users are currently connected to your site).
  • Store session specific data.

The session is being tracked by the ASP.NET_SessionID cookie. That
cookie is constructed whenever a new session is created for a user.
Regardless to say that if cookies are disabled then the session cookie won’t
be available.

Using Session State Data
The use of the session dictionary is very simple. for example:

   protected void Page_Load(object sender, EventArgs e)

   {

      if (Session["FirstPageLoadEventTime"] == null)

      {

         // put the date time of the first page load in the

         // session

         Session["FirstPageLoadEventTime"] = DateTime.Now;

      }

      DateTime firstPageLoadEventTime =

         (DateTime)Session["FirstPageLoadEventTime"];

   }

In the example I put the time of the first page load in the session
and then insert it to a variable called firstPageLoadEventTime. In the
next time that the Page_Load event will be called the session will hold
the first time that the Page_Load method was called. This is only an
example and probably I won’t do such a thing in an application.

Disabling Session State
There are two ways to disable the session state:

  • Disable the session from the web.config file:
  •    <configuration>

          <system.web>

            <sessionState mode="Off">

            </sessionState>

          </system.web>

       </configuration>

  • Disable the session for a single page using the
    EnableSessionState page directives:
  • <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="AJAXEnabledWebApplication1._Default" EnableSessionState="False" %>

Session Management Events
You can use the session management events like you use the
application state management events. In the Global.asax file
There are two events that you can use:

  • Session_Start – raised whenever a session is starting.
  • Session_End – raised whenever a session is ending.

Cookieless Session State
As written earlier the session state is managed by a cookie.
What can we do if the user disabled cookies?
There is a cookieless configuration that put the session id in
the page’s Url instead of a cookie. To enable this behavior 
use the following code in your web.config:

  <configuration>

   <system.web>

      <sessionState cookieless="true" regenerateExpiredSessionId="true">

      </sessionState>

   </system.web>

  </configuration>

Session State Mode
There are several storage options for session data:

  • InProcSession state is saved in memory. The session is discarded
    when the application restart. The session is enabled only
    for the current server and not supported in a web farm.
    This is the default.
  • StateServerSession state is saved in a dedicated
    ASP.NET state server. The session is saved when application restart
    and also available to multiple web server in a web farm.
    You pay in performance in this choice.
  • SQLServerSession State is saved in Sql server database.
    The session is available to multiple web servers in a web farm.
    Also the session state is saved whenever the application restart.
    You pay in performance in this choice.
  • Custom – A custom session storage provider that you build.
  • Off – Disable session state.

The session mode is specified in the web.config file.
The following example specify an InProc mode in the
web.config:

  <configuration>

   <system.web>

      <sessionState mode="InProc">

      </sessionState>

   </system.web>

  </configuration>

Modes other then Off and InProc need other parameters to
be enabled like sqlConnectionString for the SQLServer mode for
example.

Summary
To sum up the post, I introduced the session state technique.
The technique is widely used in ASP.NET and sometime over used.
Sometimes I find that developers put almost everything in the session
even things that should be managed by client side techniques.
You need to find the balance between server and client side techniques
in order to build a good web application. The next post in the server side
state management
will be the last in the series and will introduce the
profile properties technique.

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

2 comments

  1. RobSeptember 14, 2008 ב 4:48

    Hello,
    I was curious what technique you use for session/state management in Silverlight apps?

    Reply
  2. Gil FinkSeptember 14, 2008 ב 11:07

    Hi,
    I’m sorry but I haven’t used silverlight yet in an application. But… I can tell that you can use session state in silverlight according to things that were written in the silverlight forums. See the following post as a start point: http://silverlight.net/forums/t/13624.aspx
    I hope it helps.

    Reply