Session provides the facility to store information on server memory.
Programmatically, session state is nothing more than memory in the shape of a dictionary or hash table, e.g. key-value pairs, which can be set and read for the duration of a user's session. For example, a user selects stocks to track and the Web application can store these values in the user's ASP session instance:
On subsequent pages these values are read and the Web application has access to these values without the user re-entering them:
Advantages and Disadvantages of Session ?
Following are the basic advantages and disadvantages of using session.
- It helps to maintain user states and data to all over the application.
- It can easily be implemented and we can store any kind of object.
- Stores every client data separately.
- Session is secure and transparent from user.
- Performance overhead in case of large volume of user, because of session data stored in server memory.
- Overhead involved in serializing and De-Serializing session Data. because In case of
SQLServersession mode we need to serialize the object before store.
Session IDAsp.Net use
120 bit identifierto track each session. This is secure enough and can't be reverse engineered. When client communicate with server, only session id is transmitted, between them. When client request for data, ASP.NET looks on to session ID and retrieves corresponding data. This is done in following steps,
- Client hits web site and some information is stored in session.
- Server creates a unique session ID for that clients and stored in
Session State Provider.
- Again client request For some information with that unique session ID from Server.
- Server,looks on
Session Providers, and retrieve the serialized data from state server and type cast the object .
Session EventThere are two types of session events available in asp.net.
global.asaxfile of your web application. When a new session initiate
session_startevent raised and
Session_Endevent raised when a session is abandoned or expired.
Below is a sample config.web file used to configure the session state settings for an ASP.NET application:
sqlconnectionstring="data source=127.0.0.1;user id="" password="password"
The settings above are used to configure ASP.NET session state. Let's look at each in more detail and cover the various uses afterward.
- Mode. The mode setting supports three options: inproc, sqlserver, and stateserver. As stated earlier, ASP.NET supports two modes: in process and out of process. There are also two options for out-of-process state management: memory based (stateserver), and SQL Server based (sqlserver). We'll discuss implementing these options shortly.Inpoc mode is by default and time duration is 30 minutes by default.
- Cookieless. The cookieless option for ASP.NET is configured with this simple Boolean setting.
- Timeout. This option controls the length of time a session is considered valid. The session timeout is a sliding value; for each request the timeout period is set to the current time plus the timeout value
- Sqlconnectionstring. The sqlconnectionstring identifies the database connection string that names the database used for mode sqlserver.
- Server. In the out-of-process mode stateserver, it names the server that is running the required Windows NT service: ASPState.
- Port. The port setting, which accompanies the server setting, identifies the port number that corresponds to the server setting for mode stateserver.
Session Mode and State Provider.
In ASP.NET there are following session mode available.
Out of Process can categorized in three parts
For every session State, there is Session Provider. Following diagram will show you how they are related.
we can choose the session State Provider based on which session state we are selecting. When ASP.NET request for any information based on session ID, session state and its corresponding provider are responsible for sending the proper information based on user. Following tables show, the session mode along with there provider Name.
|Session State Mode||State Provider|
| ||In-Memory Object|
"Off". If we select this option the session will be disabled for the application.
Advantages and Disadvantages of In-Process
It store Session data in memory object of current application domain. So accessing data is very fast and data is easily available.