Article ID: 307598
Article Last Modified on 5/16/2007
APPLIES TO
- Microsoft ASP.NET 1.1
- Microsoft ASP.NET 1.0
This article was previously published under Q307598
SUMMARY
This article provides an introduction to the ASP.NET state management features.
For additional ASP.NET overviews, refer to the following Microsoft Knowledge Base article:
305140 INFO: ASP.NET Roadmap
MORE INFORMATION
HTTP is a stateless protocol. Each request is serviced as it comes; after the request is processed, all of the data is discarded. No state is maintained across requests even from the same client.
However, it is very useful to maintain state across requests for certain solutions. ASP.NET enables you to maintain both application state and session state through use of application and session variables respectively.
This article addresses the following state management topics:
Application State
Application state variables are, in effect, global variables for each ASP.NET application. You can share values of these variables throughout that application. These variables are usually set in the Application_OnStart event and then accessed and modified in individual ASP.NET pages.
The lifetime of application variables spans through the lifetime of the ASP.NET application until the application is unloaded.
For more information about application state, refer to the following topic in the .NET Framework Software Development Kit (SDK) documentation:
Application State
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconapplicationstate.asp
Session State
You can store values that need to be persisted for the duration of a user's session in session variables. These variables are unique to each user session and can be accessed in any ASP.NET page within an application. You can set and access session information from within an ASP.NET application. For example:
Microsoft Visual Basic .NET
'Assign a value to the myvariable session variable.
Session("myvariable") = "somevalue"
'Retrieve the value of the myvariable session variable.
If not(Session("myvariable")is nothing) Then
Dim myString As String = Session("myvariable").ToString()
End If
Microsoft Visual C# .NET
//Assign a value to the myvariable session variable.
Session["myvariable"] = "somevalue";
//Retrieve the value of the myvariable session variable.
string myString;
if (Session["myvariable"] != null)
myString = (string)Session["myvariable"];
It is important to remember that session variables are now objects. Thus, to avoid a run-time error, you should check whether the variable is set before you try to access it.
Session variables are automatically discarded after they are not used for the time-out setting that is specified in the Web.config file. On each request, the time out is reset. The variables are lost when the session is explicitly abandoned in the code.
When a session is initiated on first request, the server issues a unique session ID to the user. To persist the session ID, store it in an in-memory cookie (which is the default), or embed it within the request URL after the application name. To switch between cookie and cookieless session state, set the value of the cookieless parameter in the Web.config file to true or false.
In cookieless mode, the server automatically inserts the session ID in the relative URLs only. An absolute URL is not modified, even if it points to the same ASP.NET application, which can cause the loss of session variables.
ASP.NET supports three modes of session state:
- InProc: In-Proc mode stores values in the memory of the ASP.NET worker process. Thus, this mode offers the fastest access to these values. However, when the ASP.NET worker process recycles, the state data is lost.
- StateServer: Alternately, StateServer mode uses a stand-alone Microsoft Windows service to store session variables. Because this service is independent of Microsoft Internet Information Server (IIS), it can run on a separate server. You can use this mode for a load-balancing solution because multiple Web servers can share session variables. Although session variables are not lost if you restart IIS, performance is impacted when you cross process boundaries.
- SqlServer: If you are greatly concerned about the persistence of session information, you can use SqlServer mode to leverage Microsoft SQL Server to ensure the highest level of reliability. SqlServer mode is similar to out-of-process mode, except that the session data is maintained in a SQL Server. SqlServer mode also enables you to utilize a state store that is located out of the IIS process and that can be located on the local computer or a remote server.
Note You can use all three modes with in-memory cookie or cookieless session ID persistence.
For more information about session state, refer to the following topic in the .NET Framework SDK documentation:
Configuring Session State
You can configure session state in the <sessionState> configuration section of the Web.config file. The <sessionState> configuration section appears similar to the following:
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=<username>;password=<strong password>"
cookieless="false"
timeout="20" />
For more information about the <sessionState> configuration section, refer to the following topic in the .NET Framework SDK documentation:
<sessionState> Section
http://msdn2.microsoft.com/en-us/library/h6bb9cz9(vs.71).aspx
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
317604 HOW TO: Configure SQL Server to Store ASP.NET Session State
REFERENCES
For more general information about ASP.NET, refer to the following MSDN newsgroup:
Keywords: kbarttyperoadmap kbcookie kbinfo kbstate KB307598
