Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Session

0.00/5 (No votes)
11 Oct 2013 1  
ASP.NET Session state provides a place to store values that will persist across page requests.  Values stored in Session are stored on the server

This articles was originally at wiki.asp.net but has now been given a new home on CodeProject. Editing rights for this article has been set at Bronze or above, so please go in and edit and update this article to keep it fresh and relevant.

ASP.NET Session state provides a place to store values that will persist across page requests. Values stored in Session are stored on the server and will remain in memory until they are explicitly removed or until the Session expires.

State management using session is one of the best ASP.NET features, because it is secure, transparent from users, and we can store any kind of object in it. Along with these advantages, sometimes session can cause performance issues in high traffic sites because it is stored in server memory and clients read data from the server.

Storing and retrieving a value in the Session is as simple as:

VB:

'Storing Name in Session
Session("Name") = "John Doe"  'Or Session.Add("Name","John Doe")
'retrieving string
Dim Name As String = Session("Name")

C#:

//Storing Name in Session
Session["Name"] = "John Doe" // Or Session.Add("Name","John Doe");  
//retrieving string
Name = (string)Session["Name"]; 

By default, the Session will be created within the same process that your web site runs in (InProc). This is controlled by a setting in the web.config file:

<sessionState mode="InProc" />

Although running the Session In Process is very convenient, it does mean that all Session values will be lost whenever the application recycles (such as when deploying updates). There are alternate modes you can use that will allow the Session state to survive even when the application recycles. The available options are:

  • Off - No session state will be stored
  • InProc - (The Default) Session state exists within the process the web is using
  • StateServer - Session data is sent to the configured stateserver service
  • SQLServer - Session data is store in the configured SQL Server database

Both the StateServer mode and the SQLServer mode allow Session state to survive an application recycle. But, when storing reference type objects (such as class instances), they can only be stored to StateServer or SQLServer if they have been marked with the Serializable attribute.

There are certain events in Global.asax file associated with Session, Session_Start and Session_End.

The Session_End event only fires in InProc, it does not support session management implemented with OutProc.

An important consideration for using Session state is that the Session does expire. By default, if a user does not access their Session data within 20 minutes (by default), the Session will expire and all items that had been stored in the Session will be discarded. Because of this, it is important to check the object that is returned from the Session to see if it exists or if it is null before you try to work with it. For example:

object sessionObject = Session["someObject"];
if (sessionObject != null) {
 myLabel.Text = sessionObject.ToString();
}

The Session Timeout is adjustable through a web.config setting but increasing the timeout value can put memory pressure on your server that may be undesirable.

<sessionState timeout="number of minutes" />

Other commonly used Session methods are:

  • Session.Abandon() - removes the Session and all items that it contains
  • Session.Clear() - removes all items from the Session
  • Session.RemoveAll() - removes all items from the Session
  • Session.Remove("itemName") - removes the item that was stored under the name "itemName"

How To

Whitepapers/Blogs

Enjoy!

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here