ASP.NET Session state provides a place to store values that will persist across page requests. Values stored in Session are stored on the server and will remain in memory until they are explicitly removed or until the Session expires.
State management using session is one of the best ASP.NET features, because it is secure, transparent from users, and we can store any kind of object in it. Along with these advantages, sometimes session can cause performance issues in high traffic sites because it is stored in server memory and clients read data from the server.
Storing and retrieving a value in the Session
is as simple as:
VB:
Session("Name") = "John Doe" Dim Name As String = Session("Name")
C#:
Session["Name"] = "John Doe" Name = (string)Session["Name"];
By default, the Session will be created within the same process that your web site runs in (InProc
). This is controlled by a setting in the web.config file:
<sessionState mode="InProc" />
Although running the Session In Process is very convenient, it does mean that all Session values will be lost whenever the application recycles (such as when deploying updates). There are alternate modes you can use that will allow the Session state to survive even when the application recycles. The available options are:
Off
- No session state will be stored
InProc
- (The Default) Session state exists within the process the web is using
StateServer
- Session data is sent to the configured stateserver service
SQLServer
- Session data is store in the configured SQL Server database
Both the StateServer
mode and the SQLServer
mode allow Session state to survive an application recycle. But, when storing reference type objects (such as class instances), they can only be stored to StateServer
or SQLServer
if they have been marked with the Serializable attribute.
There are certain events in Global.asax file associated with Session
, Session_Start
and Session_End
.
The Session_End
event only fires in InProc
, it does not support session management implemented with OutProc
.
An important consideration for using Session
state is that the Session does expire. By default, if a user does not access their Session data within 20 minutes (by default), the Session will expire and all items that had been stored in the Session will be discarded. Because of this, it is important to check the object that is returned from the Session to see if it exists or if it is null
before you try to work with it. For example:
object sessionObject = Session["someObject"];
if (sessionObject != null) {
myLabel.Text = sessionObject.ToString();
}
The Session Timeout is adjustable through a web.config setting but increasing the timeout value can put memory pressure on your server that may be undesirable.
<sessionState timeout="number of minutes" />
Other commonly used Session
methods are:
Session.Abandon()
- removes the Session
and all items that it contains
Session.Clear()
- removes all items from the Session
Session.RemoveAll()
- removes all items from the Session
Session.Remove("itemName")
- removes the item that was stored under the name "itemName
"
How To
Whitepapers/Blogs
Enjoy!