Background of ASP.NET Session State
ASP.NET session state enables you to store and retrieve values for a user as the user navigates ASP.NET pages in a Web application. HTTP is a stateless protocol. This means that a Web server treats each HTTP request for a page as an independent request. The server retains no knowledge of variable values that were used during previous requests. ASP.NET session state identifies requests from the same browser during a limited time window as a session, and provides a way to persist variable values for the duration of that session. By default, ASP.NET session state is enabled for all ASP.NET applications.
Alternatives to session state include the following:
*
Application state, which stores variables that can be accessed by all users of an ASP.NET application.
*
Profile properties, which persists user values in a data store without expiring them.
*
ASP.NET caching, which stores values in memory that is available to all ASP.NET applications.
*
View state, which persists values in a page.
*
Cookies.
*
The query string and fields on an HTML form that are available from an HTTP request.
In-process Mode in asp.net
In-process mode simply means using ASP.NET session state in a similar manner to classic ASP session state. That is, session state is managed in process and if the process is re-cycled, state is lost. Given the new settings that ASP.NET provides, you might wonder why you would ever use this mode. The reasoning is quite simple: performance. The performance of session state, e.g. the time it takes to read from and write to the session state dictionary, will be much faster when the memory read to and from is in process, as cross-process calls add overhead when data is marshaled back and forth or possibly read from SQL Server.
In-process mode is the default setting for ASP.NET. When this setting is used, the only other session config.web settings used are cookieless and timeout.
If we call SessionState.aspx, set a session state value, and stop and start the ASP.NET process (iisreset), the value set before the process was cycled will be lost.
asp.net session configuration
Below is a sample config.web file used to configure the session state settings for an ASP.NET application:
cookieless="false"
timeout="20"
sqlconnectionstring="data source=127.0.0.1;user id=
server="127.0.0.1"
port="42424"
/>
The settings above are used to configure ASP.NET session state. Let's look at each in more detail and cover the various uses afterward.
* Mode. The mode setting supports three options: inproc, sqlserver, and stateserver. As stated earlier, ASP.NET supports two modes: in process and out of process. There are also two options for out-of-process state management: memory based (stateserver), and SQL Server based (sqlserver). We'll discuss implementing these options shortly.
* Cookieless. The cookieless option for ASP.NET is configured with this simple Boolean setting.
* Timeout. This option controls the length of time a session is considered valid. The session timeout is a sliding value; on each request the timeout period is set to the current time plus the timeout value
* Sqlconnectionstring. The sqlconnectionstring identifies the database connection string that names the database used for mode sqlserver.
* Server. In the out-of-process mode stateserver, it names the server that is running the required Windows NT service: ASPState.
* Port. The port setting, which accompanies the server setting, identifies the port number that corresponds to the server setting for mode stateserver.
Shrinking Session State in asp.net
ASP.NET provides two default options for storing session state across a Web farm: a session-state provider that invokes an out-of-process session-state server, and a session-state provider that stores data in a Microsoft SQL Server database. Because both options involve storing state information outside a Web application's worker process, session state has to be serialized before it is sent to remote storage. Depending on how much information a developer saves in session state, the size of the serialized data can grow quite large.
ASP.NET 4 introduces a new compression option for both kinds of out-of-process session-state providers. When the compressionEnabled configuration option shown in the following example is set to true, ASP.NET will compress (and decompress) serialized session state by using the .NET Framework System.IO.Compression.GZipStream class.
sqlConnectionString="data source=dbserver;Initial Catalog=aspnetstate"
allowCustomSqlDatabase="true"
compressionEnabled="true"
/>
With the simple addition of the new attribute to the Web.config file, applications with spare CPU cycles on Web servers can realize substantial reductions in the size of serialized session-state data.
Advantages and disadvantages of using Session State in asp.net
The advantages of using session state are as follows:
It is easy to implement.
It ensures data durability, since session state retains data even if ASP.NET work process restarts as data in Session State is stored in other process space.
It works in the multi-process configuration, thus ensures platform scalability.
The disadvantages of using session state are:
Since data in session state is stored in server memory, it is not advisable to use session state when working with large sum of data. Session state variable stays in memory until you destroy it, so too many variables in the memory effect performance.
ASP.NET Interview Questions: Different States in ASP.NET
You can see that a browser on the client side requests a page from the web server. After processing the request and returning the page, the server drops the connection. Then. if the browser makes another request the server has no way to associate the browser with the previous request. So HTTP is called as a stateless protocol. But ASP.NET provides several ways to maintain the state.
View State
View state is used to maintain the values of server control properties. AS ASP.NET implements view state by default you need not to write any special code to use it.
Session State
Session state is used to maintain data between execution of an application. For this, ASP.NET creates a session state object that is kept on the server whenever a user starts a new session. The session state object contain unique session ID, and this ID is sent back and forth between the server and browser each time the user request a page. Then when the server receives a new request from the user, it can retrive the right session state object for that user. You can add data items to the session object in your code, so there previous values are available each time a web form is executed.
Application State
ASP.NET provides an application state object to save application state data, which applies to all the users of an application. You can use application state object to manage global counters to maintain a list of users who are currently logged on to an application.
Profile
ASP.NET also provides profile feature to keep track of user data. Although a profile is similar to session state object, it persists between user session as it is stored in a database. For example we can use profiles we can keep track of the products ordered by an user in an shopping application and when the user starts a new session, you can display those products in a "ordered items" listbox.
asp.net interview questions: state management
- What is the lifespan for items stored in ViewState?
Item stored in ViewState exist for the life of the current page. This includes postbacks (to the same page). - What is ViewState?
ViewState allows the state of objects (serializable) to be stored in a hidden field on the page. ViewState is transported to the client and back to the server, and is not stored on the server or any other external source. ViewState is used the retain the state of server-side objects between postabacks. - What are the different types of Session state management options available with ASP.NET?
ASP.NET provides In-Process and Out-of-Process state management. In-Process stores the session in memory on the web server. This requires the a "sticky-server" (or no load-balancing) so that the user is always reconnected to the same web server. Out-of-Process Session state management stores data in an external data source. The external data source may be either a SQL Server or a State Server service. Out-of-Process state management requires that all objects stored in session are serializable. - What does the "EnableViewState" property do? Why would I want it on or off?
It allows the page to save the users input on a form across postbacks. It saves the server-side values for a given control into ViewState, which is stored as a hidden value on the page before sending the page to the clients browser. When the page is posted back to the server the server control is recreated with the state stored in viewstate.
