Session State Management
page 4 of 9
by Joydip Kanjilal

Storing Session State in ASP.NET

Session state in ASP.NET can be stored in one of the following three ways.

· InProc

· State Server

· SQL Server

Session state is configured in the <sessionState> section of the application's web.config file. For example, we can raise the default Session timeout to a value of our choice using the following statement in the web.config file.

Listing 1


The above statement doubles the Session timeout value from 20 minutes to 40 minutes. Note that the Session timeout uses sliding expiration.

The following is the complete syntax for specifying Session State in the web.config file using the mode attribute.

Listing 2

<sessionState mode = <"inproc" | "sqlserver" | "stateserver">
        cookieless = <"true" | "false">
        timeout = <positive integer indicating the session timeout in minutes>
        sqlconnectionstring = <SQL connection string that is only used in the SQLServer mode>
        server = <The server name that is only required when the mode is State Server>
        port = <The port number that is only required when the mode is State Server>
/>

The following section discusses each of the settings shown in the listing above in detail.

Mode: This setting supports three options.  They are inproc, sqlserver, and stateserver.  As stated earlier, ASP.NET supports two modes: in process and out of process.  There are also two options for out-of-process state management: memory based (stateserver) and SQL Server based (sqlserver).

Cookieless: This setting takes a boolean value of either true or false to indicate whether the Session is a cookieless one.

Timeout: This indicates the Session timeout value in minutes. This is the duration for which a user's session is active. Note that the session timeout is a sliding value; on each request the timeout period is set to the current time plus the timeout value.

SqlConnectionString: This identifies the database connection string that names the database used for mode sqlserver.

Server: In the out-of-process mode stateserver, it names the server that is running the required Windows NT service: ASPState.

Port: This identifies the port number that corresponds to the server setting for mode State Server.  Note that a port is an unsigned integer that uniquely identifies a process running over a network.

Storing Session State in the InProc Mode

The InProc mode of Session State storage is the fastest among all of the storage modes available and stores the Session data in the ASP.NET worker process.  In this case, if the amount of data that is stored in the Session is large, performance would be drastically affected.  In the InProc mode of Session state storage, the session state is stored in the memory space of an application domain and is volatile.  In this case, the session state will be lost if the ASP.NET worker process named aspnet_wp.exe recycles or if the application domain restarts.  The Session State here entirely depends on the lifetime of the application domain that it runs on.  Note that the Session_End event which is fired internally by the web server is supported only in InProc mode. Note that even if the Session State is set to read only using the EnableSessionState attribute, in the InProc mode one can still modify the session.  The Session_OnEnd event is invoked by the runtime environment when we make a call to the Session.Abandon() method or when the user's session times out.  Further, any change made in the settings in the web.config file unloads the application domain and the Session State too.

Storing Session State in a State Server

The StateServer mode uses a stand-alone Microsoft Windows service that is independent of IIS and can run on a separate server.  In the State Server mode of Session State storage, the session state is serialized and stored in memory in a separate process that is managed by the aspnet_state.exe file.  Note that State Server can be on a different system.  This storage mode has some performance drawbacks due to the overhead involved in serialization and de-serialization of objects.  Note that the ASP.NET State Service is like any other NT/2000 service and runs as its own process and has its own memory space.

The following is the required setting in the web.config file to store the Session State in the State Server mode.

Listing 3

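<!-- StateServer mode reads stateConnectionString (host and port of the state service; 42424 is the default port). sqlConnectionString applies only to SQLServer mode. -->
<sessionState mode="StateServer"
  stateConnectionString="tcpip=127.0.0.1:42424"
  cookieless="false" timeout="20"/>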

The primary advantage of storing the Session State in a State Server is that it does not live in the same process as ASP.NET, so a crash of ASP.NET would in no way destroy the session data. Secondly, this mode of Session State storage allows the information to be shared across a web garden or a web farm.

The main disadvantage, however, is that this mode is slow compared to the InProc mode as it is stored in an external process.

Storing Session State using SQL Server

The SQL Server mode of Session State storage offers reliable, secure and centralized storage of session state with transactional facilities. In this storage mode, the Session data is serialized and stored in a database table in the SQL Server database. It is typically used in web farms. Like the State Server mode, it has performance bottlenecks due to the overhead involved in serializing and de-serializing the objects that are stored in and retrieved from the Session. SQL Server is more secure than the InProc or the State Server modes of Session State storage, as the data can be secured easily by configuring the SQL Server security.

The InstallSqlState.sql file has to be located in the system and executed.  This would create the necessary database and tables in the tempdb database to store the Session data.  To remove all the databases and the tables created earlier using the InstallSqlState.sql file, the UninstallSQLState.sql file can be used.  The web.config file has to be modified accordingly.  The following is the required setting in the web.config file to store the Session State in the SQL Server mode.

Listing 4

<sessionState mode="SQLServer"
  sqlConnectionString="data source=server;user id=joydip;password=joydip"
  cookieless="false" timeout="20" />
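A configuration check for the settings discussed above, added here as an example (not code from the original article): it reads the <sessionState> element and reports cookieless session IDs, a timeout above a chosen limit, a password embedded in sqlConnectionString as in Listing 4, and a state service on another host. The function name, finding codes and the 20-minute limit are assumptions; stateConnectionString is the framework's attribute for the State Server endpoint (tcpip=server:port).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the SQLServer-mode listing with cookieless switched on
# and the 40-minute timeout from the earlier example.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <sessionState mode="SQLServer"
      sqlConnectionString="data source=server;user id=joydip;password=joydip"
      cookieless="true" timeout="40" />
  </system.web>
</configuration>"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}
DEFAULT_STATE_SERVER = "tcpip=127.0.0.1:42424"  # framework default endpoint


def audit_session_state(web_config_xml, max_timeout_minutes=20):
    """Return (code, message) findings for the <sessionState> element."""
    node = ET.fromstring(web_config_xml).find(".//sessionState")
    if node is None:
        return [("NO_SECTION", "no <sessionState> element; defaults apply")]
    attrs = node.attrib
    mode = attrs.get("mode", "InProc").lower()
    findings = []

    # Cookieless sessions embed the session ID in the URL, where it ends up
    # in logs, bookmarks and Referer headers.
    if attrs.get("cookieless", "false").lower() in ("true", "useuri"):
        findings.append(("COOKIELESS", "session ID is carried in the URL"))

    # Sliding expiration: every request renews the window, so a long timeout
    # keeps an unattended or stolen session usable for longer.
    timeout = int(attrs.get("timeout", "20"))
    if timeout > max_timeout_minutes:
        findings.append(("LONG_TIMEOUT", f"timeout is {timeout} minutes"))

    if mode == "sqlserver":
        conn = attrs.get("sqlConnectionString", "")
        if re.search(r"(?i)\b(password|pwd)\s*=", conn):
            findings.append(("PLAINTEXT_CREDENTIAL",
                             "SQL login password stored in web.config"))
    elif mode == "stateserver":
        endpoint = attrs.get("stateConnectionString", DEFAULT_STATE_SERVER)
        match = re.match(r"(?i)tcpip=([^:]+):(\d+)$", endpoint.strip())
        if not match or match.group(1).lower() not in LOOPBACK_HOSTS:
            findings.append(("REMOTE_STATE_SERVER",
                             f"session data leaves the web server: {endpoint}"))
    return findings
```

A connection string that uses Windows authentication (Integrated Security=SSPI) with cookieless="false" and timeout="20" produces no findings.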

Okay, but which one should I choose?

So, which one to choose?  Which Session state storage mode is the best?  We have to choose between speed, reliability, security and scalability.

For sites that run on a single server, the InProc storage mode is the best. It is the fastest of the three modes, but it has its own limitations. The major problem is that it is volatile. In the InProc mode of storage, the durability of the data that is stored in the Session State depends on the lifetime of the Application Domain that the application runs in. Once the Application Domain restarts or shuts down, the Session is lost. In a production environment, the InProc mode of Session State storage is not feasible. When we have to go for web farms, the OutProc mode is the best, especially when the traffic on the site is heavy. The SQLServer mode of storage is suited to cases where we need to secure the Session data or where we require scalability and reliability, but it takes more time to store and retrieve data to and from the database table. We have to decide the right type of Session state storage mode based on the context by choosing between speed, scalability, and reliability.

Sharing Session State between Classic ASP and ASP.NET

ASP and ASP.NET sessions are not easily shareable. Sharing session state between Classic ASP and ASP.NET is possible in one of the following ways:

· Storing the data in a common database or in the cookies

· Passing the data from one page to another page using query strings

· Using a 3rd party component for sharing session data


User Comments

Title: Really Nice
Date: 2006-12-22 9:36:38 AM
It's really excellent, and I am so clear on the ideas of session expiration.

Title: Firefox and IE process session differently
Name: Michael
Date: 2006-12-20 11:36:26 AM

I found Firefox keeps the same value of "ASP.NET_SessionId" in every newly opened browser window. But IE generated a new "ASP.NET_SessionId". So you could not share session data between newly opened browser windows in IE.

Title: Session State questions
Name: Michael
Date: 2006-12-18 4:28:19 PM
Hi Joydip,

I could access the session using both "Response.Redirect(url,false);" and "Response.Redirect(url)". I really could not tell what the differences between them are.

Recently one of my coworkers set "sessionState mode='StateServer'" instead of "mode='InProc'", because he said the sessions were lost sometimes. Did you have this kind of problem? If you had it, please tell me how you fixed it.

By the way, if I have a big data block, like a big hashtable, should I save it to session or viewstate? Why?

Title: Great
Name: Nadeem Abbasi
Date: 2006-12-08 7:45:55 AM
It is a very comprehensive article about Session State Management and also a great contribution from Joydip Kanjilal for developers.

Title: Thanx
Name: Sudeep
Date: 2006-12-07 3:31:09 AM
Very much informative.

Title: state management
Name: Nitu Singh
Date: 2006-12-06 3:10:28 AM
It's really too good.

Title: Very Nice
Name: Rajesh
Date: 2006-11-29 8:40:13 PM
Very nice article. So many good points are covered about session state storage.

Thanks to the author.

Title: Abt Session management
Name: Subhashree
Date: 2006-11-29 5:53:53 AM
Excellent Article

Title: I like it too much
Name: Nguyen Letan
Date: 2006-11-28 9:22:12 PM
It's helpful for me. Thanks!

Title: Reema
Name: Agarwal
Date: 2006-11-26 12:26:24 PM
Simply Outstanding

Title: GOOD
Date: 2006-11-25 5:38:58 AM

Title: Nice
Name: Ramana
Date: 2006-11-24 4:37:50 AM
Way of explanation is good.

Title: IAtanasov
Name: Ivan Atanasov
Date: 2006-11-23 9:42:35 AM
This is fantastic advice for understanding Session State!

Title: Excellent solution to understand session state
Name: Doss
Date: 2006-11-18 6:03:51 AM
It gives an easy way to understand session state. Like this I want defn for state management.

Title: Session State Management
Name: A. Ravi Srinivas
Date: 2006-11-18 12:22:56 AM
This article seems to be excellent.
I benefited from Joydip Kanjilal's old article on collections as well.
Hope we will get many more from you, Joydip Kanjilal.

©Copyright 1998-2024  |  Page Processed at 2024-06-18 5:13:29 PM  AspAlliance Recent Articles RSS Feed