How Do I Setup an ASP.NET Application to Use State Server or SQL Server Session Management

Introduction

This is a level 101 type of article. In this article, we will explore the basics of how to do SQL server session management or the State Server. I will assume that the reader is just aware of using SQL server management studio and knows how to use Visual Studio for a web application project.

I am writing this article in such depth because lately some developers fresh out of university were having issues configuring this stuff and it lead me to realise that although we have rich information on this subject, it may not be for everyone.

ASP.Net Session Management

ASP.NET has a concept of sessions. What this means is that between web server calls, you can store some data temporarily with ASP.NET and you can then fetch it when you are back to the server in the next call.

One may ask why is this important? You are storing a variable and then getting it back. The reason this is important is because HTTP protocol is stateless. What this means is every call to the web server works as if it is a new call. ASP.NET provides us with a mechanism by using which one may write very simple code:

Session["UserName"] ="Joe"; to write to session

userName = (String) Session["UserName"]; to read from session

It is required that anything written in session should be serializable so that it may be carried on a wire or be stored in database.

This link on MSDN is a good resource to get started on ASP.NET Session management.

ASP.NET allows us to store our sessions in three ways:

1. In memory - The default way. In this mechanism, the session information is stored on the web server. This is very fast, however it is not a very reliable method.
2. State Server - In this mechanism, a Windows service is used to store the session information. It should be noted that there should be only one state server instance running per server farm so that sessions may be shared. State server is installed as a part of installing the .NET Framework. The name of the service for the same is "ASP.NET State Service". State Service is more reliable than in memory because even if one of the web servers goes down (assuming not the one which is executing the state server) the website may still work as the sessions are not lost. This mechanism is slower than in memory as the data has to travel across servers.
3. SQL Server Session Management - In this mechanism, the session is stored in SQL Server. The SQL Server may be any edition from Express to Enterprise for 2005 and above. This mechanism is most reliable as we use SQL Server to store the session information. It also allows freeing up memory when session is not in use. It is however slowest of all the mechanisms as the additional cost of accessing SQL Server comes in.

It should be noted that the Session End Event (the one we write in Global.asax) is not fired in case of State server and SQL Server.

One may argue that alternate mechanisms of writing custom providers exist, but we will ignore those for now.

I will assume that for this article you know how to use the session variable, if not then this link and this one will be helpful.

The in memory session management is the one provided by default and will not require any additional effort. On the other hand, if we choose State Server or SQL Server then the steps given below will be involved.

Steps Involved

1. Create a SQL Server Database with Session management schema or Start the state management service.
2. Update the web.config.

Starting State Management Server

To use the state management server, we need to install the .NET Framework on the machine. To start the server, we need to do the following steps:

1. Goto run.
2. Type Services.msc (for XP /Windows 2003 and above you need to run this as administrator).
3. Start ASP.NET State Service.

Or:

1. Goto run.
2. Type Net Start aspnet_state or aspstate as the case may be.

Please note the following:

1. This is to be done only on one machine on the server farm.
2. Please note down the machine name / IP address of the server.

Setting up SQL Server Database for Session Management

1. Open the SQL Server Management Studio and log in as administrator:

   

2. Right Click on the Database node in the object explorer:

   

3. Click on New Database:

   

4. Add a database name:

   

5. Click on Ok and an empty database is created
   1. Run the Script C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallSqlState.sql, and
   2. C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallSqlStateTemplate.sql

   on this newly created database. This sets up the database server.

Updating Web.config

Finally the web.config needs to be updated so that the session may use the required provider.

If you want to use State server, then make the following entry:

<sessionState mode="StateServer" stateConnectionString="tcpip=<My Server Name>:42424" 
	cookieless="<True or False depending if you want to keep session Id in 
	cookie or in the url>" timeout="<an integer in minutes>" />

For example:

<sessionState mode="StateServer" stateConnectionString="tcpip=StateServer:42424" 
	cookieless="true" timeout="10 />

On the other hand, if you want to use SQL Server, then add to the web.config:

<sessionState mode="SqlServer" sqlConnectionString="<a valid connection string>" 
	cookieless="="<True or False depending if you want to keep session Id 
	in cookie or in the url>" timeout="<an integer in minutes>" />

<sessionState mode="SqlServer" sqlConnectionString="data source=MyStateServer;
	user id=sa; password=sa" cookieless="false" timeout="10" /> 

This is a good place to learn about connection strings.

I hope this helps.

History

• 20^th October, 2009: Initial post