About ASP.NET Session State

ASP.NET Session State

ASP.NET session state solves all of the above problems associated with classic ASP session state:

• Process independent. ASP.NET session state is able to run in a separate process from the ASP.NET host process. If session state is in a separate process, the ASP.NET process can come and go while the session state process remains available. Of course, you can still use session state in process similar to classic ASP, too.
• Support for server farm configurations. By moving to an out-of-process model, ASP.NET also solves the server farm problem. The new out-of-process model allows all servers in the farm to share a session state process. You can implement this by changing the ASP.NET configuration to point to a common server.
• Cookie independent. Although solutions to the problem of cookieless state management do exist for classic ASP, they're not trivial to implement. ASP.NET, on the other hand, reduces the complexities of cookieless session state to a simple configuration setting.

Let's look at each of these features in more detail, including how the settings are configured.

Using ASP.NET Session State

Session state settings in ASP.NET are configured through the ASP.NET XML configuration file web.config. We'll look at web.config in more detail in a later column, but for this discussion of session state let's look at it briefly.

Web.config

There are two types of configuration files: a machine configuration file and an application configuration file, both named web.config. The two are identical, except that the machine configuration file applies settings to all applications but the application configuration files are either restrictive or expansive on an application-by-application basis.
In Beta 1, the machine web.config file is in the WinNT\Microsoft.NET\Framework\v1.0.2204 directory, while the optional application configuration files exist in the application's directory. Application web.config files are optional in the sense that if an application config.web file doesn't exist, the machine web.config settings are used instead. ASP.NET session state settings can be made in the machine web.config file and overridden in a particular application's web.config file.
Note: Changes made to web.config are applied immediately, unlike classic ASP, where the server has to be stopped and started for settings to take affect.

Session configuration

Below is a sample web.config file used to configure the session state settings for an ASP.NET application:

<configuration>  <sessionstate>      mode="inproc"      cookieless="false"
timeout="20"       sqlconnectionstring="data source=127.0.0.1;user id=<user id="">
;password=<password>"      server="127.0.0.1"       port="42424"   />
</password></user></sessionstate></configuration>

;The settings above are used to configure ASP.NET session state. Let's look at each in more detail and cover the various uses afterward.

• Mode. The mode setting supports three options: inproc, sqlserver, and stateserver. As stated earlier, ASP.NET supports two modes: in process and out of process. There are also two options for out-of-process state management: memory based (stateserver), and SQL Server based (sqlserver). We'll discuss implementing these options shortly.
• Cookieless. The cookieless option for ASP.NET is configured with this simple Boolean setting.
• Timeout. This option controls the length of time a session is considered valid. The session timeout is a sliding value; on each request the timeout period is set to the current time plus the timeout value
• Sqlconnectionstring. The sqlconnectionstring identifies the database connection string that names the database used for mode sqlserver.
• Server. In the out-of-process mode stateserver, it names the server that is running the required Windows NT service: ASPState.
• Port. The port setting, which accompanies the server setting, identifies the port number that corresponds to the server setting for mode stateserver.

  In-process Mode

  In-process mode simply means using ASP.NET session state in a similar manner to classic ASP session state. That is, session state is managed in process and if the process is re-cycled, state is lost. Given the new settings that ASP.NET provides, you might wonder why you would ever use this mode. The reasoning is quite simple: performance. The performance of session state, e.g. the time it takes to read from and write to the session state dictionary, will be much faster when the memory read to and from is in process, as cross-process calls add overhead when data is marshaled back and forth or possibly read from SQL Server.
  In-process mode is the default setting for ASP.NET. When this setting is used, the only other session web.config settings used are cookieless and timeout.
  

  Performance and Reliability Considerations

  It's worth mentioning, briefly, some of the performance and reliability issues you should consider when using ASP.NET session state modes.
• In process. In process will perform best because the session state memory is kept within the ASP.NET process. For Web applications hosted on a single server, applications in which the user is guaranteed to be re-directed to the correct server, or when session state data is not critical (in the sense that it can be re-constructed or re-populated), this is the mode to choose.
• Out of process. This mode is best used when performance is important but you can't guarantee which server a user will request an application from. With out-of-process mode, you get the performance of reading from memory and the reliability of a separate process that manages the state for all servers.
• SQL Server. This mode is best used when the reliability of the data is fundamental to the stability of the application, as the database can be clustered for failure scenarios. The performance isn't as fast as out of process, but the tradeoff is the higher level of reliability.