Session State Management: ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
Session State Management

page 7 of 9

by Joydip Kanjilal
Feedback

Average Rating:

Views (Total / Last 10 Days): 72626/ 77

Article Contents:

Points to remember

This section discusses some important points that one should keep in mind when working with Session State in ASP.NET. I have put together some of the most important points here.

1. We should be well aware of the amount of the data that we store in the Session, particularly for sites that have a heavy traffic. In a distributed web server environment, the use of Session variables can degrade performance.

2. The Session IDs are stored in the Cookies in the Client side and are used for communication between the Server and the Client. If the Session does not contain a Cookie, the Session ID is maintained using the URL only.

3. It should be noted that the SessionID lasts as long as the user’s session of communication with the web server is active, i.e., as long as the browser instance is unchanged. This can happen even after expiry of the Session after the specified timeout period. Note that if the application has never stored anything in the session state, a new session state with a new Session ID is created with every request. In SQLServer mode of Session State storage, the session expiration is carried out by the SQL Agent using a registered job.

4. The Session timeout value is specified web.config file. It is a sliding expiration value and indicates the time (in minutes) that the Session can be idle before it is abandoned. When a session times out, the session data is flushed out, the Session object is killed and a new one is created on a subsequent hit to the page. The Session timeout value is a sliding expiration value.

5. Note that the Session state is available only after the HttpApplication.AcquireRequestState event is called. The Session_End event is supported only in the InProc mode and is fired internally by the Web Server, based on an internal timer. Thus, there is no HttpRequest that is associated when that happens. This is why the methods Response.Redirect or Server.Transfer do not work in the Session_End event. The Session_OnEnd event is called when we make a call to the Session.Abandon method or when the Session times out.

6. Storing the basic types in the Session state is much faster compared to storing object types due to the serialization and de-serialization overhead involved.

7. The IsNewSession property of the HttpSessionState class can be used to detect whether a Session has timed out or was abandoned.

8. Remember never to use a Response.Redirect or Server.Transfer method call after you set the Session in the login page of your application. Both these methods call the Response.End method internally. The Session ID would be lost as the Response.End method stops execution of the page. Use the FormsAuthentication.RedirectFromLoginPage method instead. Alternatively, you can use the following overloaded version of the Response.Redirect method.

9. Response.Redirect("~/menu.aspx", false)

10. This would not abort the current thread and would prevent the Session ID from being lost.

« (Page 6)

View Entire Article

(Page 8) »

User Comments

Title: Really Nice
Name: PRABHURAJAN_G
Date: 2006-12-22 9:36:38 AM
Comment:
Its really excellent, and i am so cleared with the ideas of session expiration

Title: Firefox and IE process session differently
Name: Michael
Date: 2006-12-20 11:36:26 AM
Comment:
Hi,

I found firefox keeps same value of "ASP.NET_SessionId" session on every new opened browser window. But IE generated a new "ASP.NET_SessionId". So you could not share sesssion data between new opened browser window in IE.

Michael

Title: Session State questions
Name: Michael
Date: 2006-12-18 4:28:19 PM
Comment:
Hi Joydip,

I could access to session using both "Response.Redirect(url,false);" and "Response.Redirect(url)". I really could not tell what's the differences between them.

Recently one my cowork set "sessionState mode='StateServer'" instead of "mode='InProc'", because he said the session were lost sometimes. Did you have this kind of problem? If you had it, please tell me how you fixed it.

By the way, if I have big data block, like a big hashtable, Should I save it to session or viewstate? Why?

Thanks.
Michael

Title: Great
Name: Nadeem Abbasi
Date: 2006-12-08 7:45:55 AM
Comment:
It is very Comprehensive article about Session State Management and also great contribution from Joydip Kanjilal for developers.

--MNA_4U@HOTMAIL.COM

Title: Thanx
Name: Sudeep
Date: 2006-12-07 3:31:09 AM
Comment:
Very much informative.

Title: state management
Name: Nitu Singh
Date: 2006-12-06 3:10:28 AM
Comment:
It,s really too good.

Title: Very Nice
Name: Rajesh
Date: 2006-11-29 8:40:13 PM
Comment:
Very nice article. So many gud points are covered about sessions state storage.

Thanks for the Author.

Title: Abt Session manage ment
Name: Subhashree
Date: 2006-11-29 5:53:53 AM
Comment:
Excellant Article

Title: I like it too much
Name: Nguyen Letan
Date: 2006-11-28 9:22:12 PM
Comment:
It's helpful for me. Thanks!

Title: Reema
Name: Agarwal
Date: 2006-11-26 12:26:24 PM
Comment:
Simply Outstanding

Title: GOOD
Name: KIRAN
Date: 2006-11-25 5:38:58 AM
Comment:
ITS VERY GOOD

Title: Nice
Name: Ramana
Date: 2006-11-24 4:37:50 AM
Comment:
Way of explaination is good.

Title: IAtanasov
Name: Ivan Atanasov
Date: 2006-11-23 9:42:35 AM
Comment:
This is fantastic advice for understand Session State!

Title: Excellant solution to understand session state
Name: Doss
Date: 2006-11-18 6:03:51 AM
Comment:
It gives easy way to understand session state.Like this i want defn for state mangement .

Title: Session State Management
Name: A. Ravi Srinivas
Date: 2006-11-18 12:22:56 AM
Comment:
This article seems to be excellent.
I got benefited from Joydip Kanjilal old article on collections as well.
Hope we will get many more from you Joydip Kanjilal
Thanks
Ravi

Product Spotlight