Session in ASP .NET

Mishel Shaji

HTTP is a stateless protocol: every HTTP request is independent, and the protocol itself does not maintain user information or application state. So any data set by the user on one page cannot be retrieved on another page.

What is session?

A session is a way to store information so that user data can be retrieved on multiple pages of the application. Session data is stored per user, so the data is available only to that user. Unlike cookies, session data is stored on the server.

Advantages and disadvantages

Session is the simplest and most effective way to maintain the user data within the application. It is easy to implement. The biggest advantage of session is that it can store any type of object.

Since session data is stored in the server memory, a large number of users or data may eat up the server memory and affect the performance. Another disadvantage of the session is that, unless explicitly specified, cookies will be used to store user information. If the user has disabled cookies for some reason, the application may not be able to take advantage of sessions.

Using session in ASP .NET

Sessions can be used easily in ASP.NET with the Session object of the System.Web.SessionState.HttpSessionState class. In ASP .NET, you can set a session as follows.

Session["Name"] = "Mishel";

This will store the value Mishel with Name as the key.

And we can retrieve it as shown below:

if (Session["Name"] != null)
{
    // Session values are stored as object, so convert back to a string.
    string name = Session["Name"].ToString();
}

Session modes

ASP .NET session state has the following modes, each of which uses a different storage option for the session data.

| Session Mode | Storage |
|---|---|
| InProc Mode (default) | Memory of the server |
| StateServer Mode | Separate process called the ASP.NET state service |
| SQL Server Mode | SQL Server |
| Custom Mode | Custom storage |
| Off | Session disabled |

InProc mode

This is the default session mode. It stores data to the server memory in the current application domain and therefore it is quickly accessible. The biggest disadvantage of this mode is that the session data will be lost if we restart the server. It is suitable only for small web applications.

StateServer mode

In this mode, the session state is stored in a separate process called the ASP.NET state service (independent of IIS) and is managed by aspnet_state.exe, which runs as a service. This preserves the session data even if the application is restarted. It also makes the session data available to multiple servers.

Configuring StateServer mode

To use this mode, you have to make sure that the aspnet_state.exe is running as described below.

  • Press Win + R and type services.msc.
  • Locate ASP .NET State Service from the list -> Right click and select Properties.
  • In the next frame, Startup type will be set to Manual by default. Change it to Automatic and click Ok.

For your ASP .NET application to be able to use StateServer mode, go to web.config file and add the following code:

<system.web>
    <sessionState mode="StateServer"
        stateConnectionString="tcpip=SampleStateServer:42424"
        cookieless="false"
        timeout="20"/>
</system.web>

  • cookieless – Specifies whether cookies can be used to store data.
  • timeout – The maximum duration (in seconds) for the application to wait for the service to respond. The default time is 10 seconds.
  • stateConnectionString – Specifies the system that runs the state server. By default, the IP used is 127.0.0.1 and the port is 42424. You can also specify the connection string as:

stateConnectionString="tcpip=127.0.0.1:42424"

This mode is slower than InProc mode because the data has to be serialized before it is stored.
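A hardened variant of the StateServer configuration above, shown beside a weaker one. This is an added example, not part of the original article; the loopback state server and the HTTPS-only site are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example, not from the original article. Assumes the state
     service runs on the web server itself and the site is HTTPS-only. -->
<configuration>
  <system.web>

    <!-- Weaker variant, kept commented out for comparison:
         cookieless="true" puts the session ID into every URL, where it
         ends up in logs, browser history and Referer headers, and the
         state service sits on another host across the network.
    <sessionState mode="StateServer"
                  stateConnectionString="tcpip=SampleStateServer:42424"
                  cookieless="true"
                  timeout="20" />
    -->

    <!-- Hardened variant:
         * UseCookies keeps the session ID out of the URL.
         * The loopback address keeps state traffic on the local machine;
           if a remote state server is required, restrict port 42424 with
           a firewall to the web servers only. -->
    <sessionState mode="StateServer"
                  stateConnectionString="tcpip=127.0.0.1:42424"
                  cookieless="UseCookies"
                  timeout="20" />

    <!-- Cookie defaults for the application, session cookie included:
         HttpOnly hides it from script, requireSSL marks it Secure so it
         is never sent over plain HTTP. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

  </system.web>
</configuration>
```

With requireSSL="true" the session cookie is not sent over plain HTTP, so every page that relies on the session has to be served over HTTPS.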

SQLServer mode

The SQL Server session mode stores session data to the database. Like State Server mode, SQL Server mode also stores data separate from the application domain. This makes it possible to maintain session data even after an application or server restart. As data is stored in the database, it is accessible to multiple servers running the same application. This is the most reliable and safe session mode in ASP .NET.

The main drawback of this mode is that it is slower than the other modes. If reliability is your priority, speed is a factor that can be ignored.

With SQL Server, we can share session data between more than one application.

I think configuring your application to use SQL Server mode is a topic that needs some detailed explanation, so I'll write about it later.

Read this article to see how you can configure your application to use SQL Server mode.

Custom session state

With this mode, you can define custom sources to store the session state data. It can be used to store session data to MySQL, MS Access etc. Personally, I prefer SQL Server mode over the other modes because it is the most reliable and scalable one among others.