HOWTO: Make sessions really work in .NET

You have sessions in every web based programming language. You have them in PHP, in ASP, and why would ASP.NET be any different. But ASP.NET has a better management of them, we explain how to take advantage.

Basically, a session is data that is kept over multiple requests for pages.

A session was ussually stored on the server with a cookie, containing the session ID, on the client PC.

ASP.NET is no different here, but there were several problems with this system.

First of all, the data would be stored on the server that made the request. If you happen to have multiple servers, serving the same user, the user had in fact 2 different sessions (one for each server).

In ASP.NET, this can be solved in 2 ways. First of all you can store all the session information in an SQL server. 1 SQL server, serving multiple webservers, result in 1 session per user for all the servers.

A second solution is the specifically designed StateServer. This server does nothing but keep track of user sessions (of course this can phisically be the same machine as one of the webservers).

A second problem was the cookie sent to the client PC. Not all browsers support cookies, or the client has them turned off.

This can also be easily solved in ASP.NET. It's as simple as changing 1 value in your applications Web.config.

The section in the Web.config responsible for all this is the section.

Here is what is possible in it:

mode="Off|InProc|StateServer|SQLServer"

cookieless="true|false"

timeout="# minutes"

stateConnectionString="tcpip=hostname:port"

sqlConnectionString="data source=hostname;user id=***;password=***" />

Mode

Off = No sessions

InProc = Standard, about the same as in ASP

StateServer = 1 server does the work

SQLServer = the database server does the work

Cookieless

Send a cookie to the client or incorporate the session ID into every request.

Setting this to true has serious consequences for your search engine placement, as they don't like session IDs in your URLs.

Timeout

The time in minutes after which a session expires when being idle.

StateConnectionString

How to connect to your StatServer, this will be ignored if the mode is not set to StateServer

SqlConnectionString

How to connect to your database server, this will be ignored if the mode is not set toSQLServer

http://tech.hawkfield.be Article based resource site

http://www.hawkfield.be Web design and development

 

Back to FAQS.ORG