Types of Session state in ASP.Net

Session State

Session state is simply a dictionary with key-value pairs and you can read or write it whenever you need during duration of a session. Session is a time when one concrete user interacts with your web application. Session state unlike application state is separate for each user. Using session state is very easy, you can for example save data from a user control to it:

1. Session["name"] = TextBox1.Text;  

Then you can use this data in any other part of your application simply by referring to it like in the following example:

1. string welcomeString = "Hello " + Session["name"];  

One of the biggest advantages of session state in ASP.NET is that they are process independent, that means that session state can be saved in separate process so other processes can't affect it. Another advantage is that it also can work without cookies enabled in client's browser.

Types of session state modes in ASP.NET

In this section I'll describe different types of session that you can use in ASP.NET. For each of these types you define settings in web.config file. The two main modes are in-process mode and out-of-process mode. The latter can be divided into two more categories: SQL server mode and cookieless.

In-process Mode

In this mode session state is stored in a current process and when this process terminates then also the data saved in session state will be lost. This mode is set by default in ASP.NET, underneath you can see example of configuring such a state in web.config file:

1. <configuration> <sessionstate mode="inproc" cookieless="false" timeout="30" sqlconnectionstring="data source=127.0.0.1;user id=user;password=pass" server="127.0.0.1" port="42424" />  
2. </configuration>  

The most important parameters of this session state are the following:

• mode - there can be three values of this parameters - inproc, sqlserver, stateserver. Value inproc in our example indicates that session state is in in-process mode
• cookieless - boolean value of this parameters indicates if cookies are needed for session state to work
• timeout - indicates a time for how long a session is valid. Each time when user interacts with your application the timeout is set to current time plus value of the timeout

The biggest advantage of this mode is performance. There are no transfers of data between processes so it's significantly faster.

Out-of-process Mode

In this mode session is stored in separate process so other processes can be terminated and session state will be still maintained. This is a sample configuration of session state in web.config for out-of-process mode:

1. <configuration> <sessionstate mode="stateserver" cookieless="false" timeout="30" sqlconnectionstring="data source=127.0.0.1;user id=user;password=pass" server="127.0.0.1" port="42424" />  
2. </configuration>  

Underneath you can see parameters for session state in out-of-process mode:

• mode value set for stateserver indicates that it works in out-of-process mode
• service - indicates a server where state service is, in this example it's a localhost
• port - indicates a port of state service

As I mentioned before the advantage of this mode is that you don't loose session state with a process but it has a worse performance then in-process mode.

SQL Server Mode

In SQL server mode session state is stored in SQL server. To configure it you have to put the following code in web.config file:

1. <configuration> <sessionstate mode="sqlserver" cookieless="false" timeout="30" sqlconnectionstring="data source=server_name;user id=user;password=pass" server="127.0.0.1" port="42424" />  
2. </configuration>  

A parameters that are most important in this mode are:

• mode set to sqlserver value indicates that session state should work in SQL server mode
• sqlconnectionstring - it contains a string with name of the server, user name and password for SQL server

In this mode the biggest advantage is reliability that you won't loose session state, however the disadvantage is that it's slower than previous modes.

Cookieless

In this mode cookies in client's browser are not required to be enabled. This mode works by modifying URL address with id that identifies the session. The configuration is the following:

1. <configuration> <sessionstate mode="stateserver" cookieless="true" timeout="30" sqlconnectionstring="data source=127.0.0.1;user id=user;password=pass" server="127.0.0.1" port="42424" />  
2. </configuration>  

Parameter that is vital for this mode is "cookieless" - set in our example to true, which means that cookies are not needed to maintain the state. You already know what is the advantage of this solution - it doesn't require cookies.