MORE INFORMATION
HTTP is a stateless protocol. Each request is serviced as
it comes; after the request is processed, all of the data is discarded. No
state is maintained across requests even from the same client.
However, it is very useful to maintain state across requests for certain
solutions. ASP.NET enables you to maintain both application state and session
state through use of application and session variables respectively.
This article addresses the following state management topics:
Application State
Application state variables are, in effect, global variables for
each ASP.NET application. You can share values of these variables throughout
that application. These variables are usually set in the
Application_OnStart event and then accessed and modified in individual ASP.NET
pages.
The lifetime of application variables spans through the
lifetime of the ASP.NET application until the application is
unloaded.
For more information about application state, refer to the
following topic in the .NET Framework Software Development Kit (SDK)
documentation:
Session State
You can store values that need to be persisted for the duration
of a user's session in session variables. These variables are unique to each
user session and can be accessed in any ASP.NET page within an application. You
can set and access session information from within an ASP.NET application. For
example:
Microsoft Visual Basic .NET
'Assign a value to the myvariable session variable.
Session("myvariable") = "somevalue"
'Retrieve the value of the myvariable session variable.
If not(Session("myvariable")is nothing) Then
Dim myString As String = Session("myvariable").ToString()
End If
Microsoft Visual C# .NET
//Assign a value to the myvariable session variable.
Session["myvariable"] = "somevalue";
//Retrieve the value of the myvariable session variable.
string myString;
if (Session["myvariable"] != null)
myString = (string)Session["myvariable"];
It is important to remember that session variables are now objects.
Thus, to avoid a run-time error, you should check whether the variable is set
before you try to access it.
Session variables are automatically
discarded after they are not used for the time-out setting that is specified in
the Web.config file. On each request, the time out is reset. The variables are
lost when the session is explicitly abandoned in the code.
When a
session is initiated on first request, the server issues a unique session ID to
the user. To persist the session ID, store it in an in-memory cookie (which is
the default), or embed it within the request URL after the application name. To
switch between cookie and cookieless session state, set the value of the
cookieless parameter in the Web.config file to
true or
false.
In cookieless mode, the server automatically inserts
the session ID in the relative URLs only. An absolute URL is not modified, even
if it points to the same ASP.NET application, which can cause the loss of
session variables.
ASP.NET supports three modes of session state:
- InProc: In-Proc mode stores values in the memory of the ASP.NET worker
process. Thus, this mode offers the fastest access to these values. However,
when the ASP.NET worker process recycles, the state data is lost.
- StateServer: Alternately, StateServer mode uses a stand-alone Microsoft
Windows service to store session variables. Because this service is independent
of Microsoft Internet Information Server (IIS), it can run on a separate
server. You can use this mode for a load-balancing solution because multiple
Web servers can share session variables. Although session variables are not
lost if you restart IIS, performance is impacted when you cross process
boundaries.
- SqlServer: If you are greatly concerned about the persistence of session
information, you can use SqlServer mode to leverage Microsoft SQL Server to
ensure the highest level of reliability. SqlServer mode is similar to
out-of-process mode, except that the session data is maintained in a SQL
Server. SqlServer mode also enables you to utilize a state store that is
located out of the IIS process and that can be located on the local computer or
a remote server.
Note You can use all three modes with in-memory cookie or cookieless
session ID persistence.
For more information about session state,
refer to the following topic in the .NET Framework SDK documentation:
Configuring Session State
You can configure session state in the
<sessionState> configuration section of the Web.config file. The
<sessionState> configuration section appears similar to the following:
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=<username>;password=<strong password>"
cookieless="false"
timeout="20" />
For more information about the
<sessionState> configuration section, refer to the following topic in the .NET
Framework SDK documentation:
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
317604
HOW TO: Configure SQL Server to
Store ASP.NET Session State