What is Session State?
ASP.NET session state enables you to store and retrieve values for a user as the user navigates ASP.NET pages in a Web application.
- HTTP is a stateless protocol. This means that a Web server treats each HTTP request for a page as an independent request. The server retains no knowledge of variable values that were used during previous requests.
- ASP.NET session state identifies requests from the same browser during a limited time window as a session, and provides a way to persist variable values for the duration of that session. By default, ASP.NET session state is enabled for all ASP.NET applications.
Read more at ASP.NET Session State Overview
Why Session State is important?
Imagine you’re shopping online. You add items to your cart, but when you move to the checkout page, the website forgets what you added. Session state helps prevent this by keeping track of your cart items as you navigate through the website.
Usage:
The session state enables to specify the mode that will be stored, the way that session identifier values are sent between the client and the server, session Timeout and also, supporting values that are based on the session mode. Use for short-lived data that specific to a single user and don’t require constants after the session ends.
How does it work?
When you use a website, the server creates unique session for you. It then stores information about your activities in the website. This allows the website to remember the things that your preference or login state as you browse.
| Pros |
Cons |
- Easy to Implement
- Data Durability.
|
- Memory Overhead
- Scalability Issues
|
Session State Modes, Which Mode should you use?
Session State supports different storage options for session data, When deciding on a session state mode, you should consider your application's requirements.
- InProc mode is the default and stores session state in memory on the Web server.
- StateServer mode stores session state in a separate process, which is useful for preserving session state if the Web application restarts and for making session state available to multiple Web servers in a Web farm.
- SQLServer mode stores session state in a SQL Server database, offering similar benefits to StateServer mode but with the robustness of SQL Server.
- Custom mode allows you to specify a custom storage provider.
- Off mode disables session state altogether.
Choose the mode that best aligns with your application's performance, scalability, and persistence needs based on the below comparison:
| Aspect |
Pros |
Cons |
| InProc |
- Fast because it stores session data in memory locally.
- No serialization/deserialization overhead.
- Simple configuration and implementation.
|
- Data loss risk if the application pool recycles or restarts.
- Can cause memory bloat for large session objects.
|
| State Server |
- Allows for session data sharing among multiple web servers.
- Minimizes risk of data loss compared to InProc.
- Can handle large session objects without memory issues.
|
- Slower than InProc due to network communication.
- Serialization/deserialization overhead impacts speed.
- Requires configuration of a separate state server.
|
| SQL Server |
- Offers data persistence, reducing data loss risk.
- Can handle large session objects without memory issues.
- Allows for session data sharing among multiple web servers.
|
- Slower than InProc due to database communication.
- Requires configuration of a SQL Server instance.
- Requires database maintenance and scaling considerations.
|
| Custom Provider |
- Flexibility to implement custom session storage solutions.
- Can be optimized for specific application requirements.
|
- Requires development effort to implement and maintain.
- May introduce security vulnerabilities if not implemented properly.
|
InProc state works much faster than both the state server and SQL Server session storage. The reason SQL Server and state server are slower is because the serialization/deserialization process that occurs during the reading and storing of session data from the SQL/State server, which takes more time.
Where we can set the Session State Mode?
We can choose where to keep the session data, and we do this by setting the "mode" attribute of the <sessionState> part in the web.config file like this:
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
Conclusion:
In conclusion, session state is very important for web applications by remembering user data as the navigates through the pages. It offers many options to storge the data that you retrieve from the web applications.
See Also
