Session State
A cookie is very simple and is not suitable for sophisticated storage requirements.
Session state is a workaround for this problem and it gives a method to keep more complex
objects securely.
ASP.NET allows programmers to keep any type of object in session.
Data stored in session is kept in server memory and is protected because it is never
transmitted to the client.
Every client that uses the application will have separate sessions. Session state is ideal for storing
user specific information.
The following code shows storing a string value in session.
Session["name"] = "Kirti";
Session.Abandon()
Cancels the session and fires end event. This is used when you are done with the session.
Session.Clear() / Session.RemoveAll()
Clears all contents of the session. This will not end the session.
Session.Remove(string)
Removes the session item with the supplied name.
If you haven't stored anything in the session, ASP.NET will generate a different session id for
each request.
Once a session has contents, the session id will not change. Session id is the only information
which is sent to the client about sessions.
As said before, ASP.NET sends session id in a cookie named ASP.NET_SessionId.
But this will not work if cookies are disabled by the visitor.
In such cases, ASP.NET passes session id through the URL.
This behavior can be controlled by adding the following section to web.config file under the
system.web section.
<sessionState
cookieless="UseUri" />
Session Timeout
Each session has a timeout value (default 20 minutes).
If the page is not getting any requests within the timeout limit specified, ASP.NET will assume
that the user has left the application and it immediately terminates the session and fires the End
event.
This helps the server to cleanup unused sessions and gives room for new requests.
Timeout value can be changed from web.config file or through code.
Timeout value is specified in minutes.
<sessionState
timeout="60" />
or
Session.Timeout = 60;
Session state modes (table columns: Mode, Configuration, Storage location, Description, Pros/Cons):

Mode: InProc

Mode: StateServer
Configuration:
<sessionState mode="StateServer"
stateConnectionString="tcpip=Yourservername:42424" />

Mode: SQL Server
Configuration:
<sessionState mode="SQLServer"
sqlConnectionString="..." />
If none of the methods discussed above satisfies your storage requirements, ASP.NET
lets you specify a custom storage provider.
Application State
ASP.NET implements application state using the System.Web.HttpApplicationState
class.
It provides methods for storing information which can be accessed globally.
Information stored on application state will be available for all the users using the website.
Usage of application state is the same as sessions.
The following code shows storing a value in an application variable and reading from it.
Application_Start This event executes when application initializes. This will execute
when ASP.NET worker process recycles and starts again.
Application_End Executes when the application ends.
Session_Start Executes when a new session starts.
Session_End Executes when a session ends. Note: this event will be fired only if you are
using InProc as the session mode.
A Practical Example
The most common usage of application variables is to count the active number of visitors that
are browsing currently.
We can utilize session_start and session_end events to do this.
The following code shows how this is done.
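A visitor counter of the kind described here, as an added example that is not code from the original page. The class name Global, the key name "ActiveVisitors" and the AdjustVisitors helper are assumptions; the count is only decremented when Session_End fires, which the text above limits to InProc mode.

```csharp
using System;
using System.Web;

// Code-behind for Global.asax (hypothetical class name).
public class Global : HttpApplication
{
    // Hypothetical key under which the counter lives in application state.
    private const string VisitorKey = "ActiveVisitors";

    protected void Application_Start(object sender, EventArgs e)
    {
        // Runs on first start and again after every worker process recycle,
        // so the counter restarts from zero each time.
        Application[VisitorKey] = 0;
    }

    protected void Session_Start(object sender, EventArgs e)
    {
        AdjustVisitors(+1);
    }

    protected void Session_End(object sender, EventArgs e)
    {
        // Fires on timeout or Session.Abandon(), InProc mode only.
        AdjustVisitors(-1);
    }

    private void AdjustVisitors(int delta)
    {
        // Application state is shared by all requests; Lock/UnLock makes the
        // read-modify-write below atomic across concurrent sessions.
        Application.Lock();
        try
        {
            int current = (int)(Application[VisitorKey] ?? 0);
            Application[VisitorKey] = Math.Max(0, current + delta);
        }
        finally
        {
            Application.UnLock();
        }
    }
}
```

Any page can then read the value with (int)Application["ActiveVisitors"].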
QueryString
This is the most simple and efficient way of maintaining information across requests.
The information you want to maintain will be sent along with the URL. A typical URL with a
query string looks like
www.somewebsite.com/search.aspx?query=foo
The URL part which comes after the ? symbol is called a QueryString.
QueryString has two parts, a key and a value. In the above example, query is the key and foo
is its value.
You can send multiple values through querystring, separated by the & symbol. The following
code shows sending multiple values to the foo.aspx page.
Response.Redirect("foo.aspx?id=1&name=foo");
The foo.aspx page will get the values like in the following table.
Key
Value
id
name
1
foo
string id = Request.QueryString["id"];
string name = Request.QueryString["name"];
If you try to get a value which is not in the QueryString collection, you will get a null reference.
URL length has limitations. So you can't send much information through URL.
Information passed is clearly visible to everyone and can be easily altered.
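Because a missing key yields null and anyone can alter the values, a page should validate what it reads from the query string before using it. The following is an added example, not code from the original page; the QueryStringReader helper, its method names and the allowed name pattern are assumptions.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;
using System.Text.RegularExpressions;

// Hypothetical helper: reads the id and name keys of
// foo.aspx?id=1&name=foo without trusting them.
public static class QueryStringReader
{
    // Assumed policy: names are 1-50 letters, digits, spaces, '_' or '-'.
    private static readonly Regex NamePattern =
        new Regex(@"^[A-Za-z0-9 _-]{1,50}\z", RegexOptions.CultureInvariant);

    public static bool TryReadId(NameValueCollection query, out int id)
    {
        id = 0;
        string raw = query["id"];              // null when the key is absent
        return raw != null
            && int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out id)
            && id > 0;                         // digits only, positive
    }

    public static bool TryReadName(NameValueCollection query, out string name)
    {
        name = query["name"];
        if (name != null && NamePattern.IsMatch(name)) return true;
        name = null;                           // never hand back a rejected value
        return false;
    }

    public static void Main()
    {
        // Constructed inputs standing in for Request.QueryString.
        var valid = new NameValueCollection { { "id", "1" }, { "name", "foo" } };
        var missing = new NameValueCollection { { "name", "foo" } };
        var altered = new NameValueCollection { { "id", "1x" }, { "name", "foo;bar" } };

        foreach (var q in new[] { valid, missing, altered })
        {
            int id; string name;
            Console.WriteLine("id ok: {0}, name ok: {1}",
                TryReadId(q, out id), TryReadName(q, out name));
        }
    }
}
```

In a page, pass Request.QueryString as the query argument and stop processing when either method returns false.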
If your website has a large number of visitors and session timeouts can cause
problems, it is better to change the session mode from InProc to
StateServer.
Main advantages of StateServer session mode (the best choice when hosting on a
third-party server)
1. Session is persistent and reliable.
2. Avoids session timeout due to memory shortage on the server (IIS setting).
Main disadvantages
1. Poor performance compared to InProc.
2. The Session_End event will not fire.
Now let's go through the steps for changing the session mode from InProc to StateServer.
Step 1: Start the ASP.NET State Service
1. Go to Control Panel > Administrative Tools > Services.
2. Select ASP.NET State Service.
3. Right-click ASP.NET State Service and choose Start from the popup menu.
Understanding Serialization in C#
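using System;

// Marked [Serializable] so that instances can be stored in session state
// when the mode is StateServer or SQLServer.
[Serializable]
class Department
{
    long _deptId;
    string _deptName;

    public long DeptId
    {
        get { return _deptId; }
        set { _deptId = value; }
    }

    public string DeptName
    {
        get { return _deptName; }
        set { _deptName = value; }
    }
}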
IMPORTANT while doing serialization
Remember that SqlConnection cannot be serialized.
You might receive the following error if you don't handle this situation.
Unable to serialize the session state. In 'StateServer' and 'SQLServer' mode,
ASP.NET will serialize the session state objects, and as a result
non-serializable objects or MarshalByRef objects are not permitted. The same
restriction applies if similar serialization is done by the custom session
state store in 'Custom' mode.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details: System.Web.HttpException: Unable to serialize the session
state. In 'StateServer' and 'SQLServer' mode, ASP.NET will serialize the
session state objects, and as a result non-serializable objects or
MarshalByRef objects are not permitted. The same restriction applies if
similar serialization is done by the custom session state store in 'Custom'
mode.
Example:
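using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Runtime.Serialization;

[Serializable]
class Department : IDeserializationCallback
{
    long _deptId;
    string _deptName;

    // SqlConnection cannot be serialized, so it is excluded from the
    // serialized state and rebuilt after deserialization.
    [NonSerialized]
    SqlConnection _mainConnection;

    public long DeptId
    {
        get { return _deptId; }
        set { _deptId = value; }
    }

    public string DeptName
    {
        get { return _deptName; }
        set { _deptName = value; }
    }

    // Create this method inside your class
    void IDeserializationCallback.OnDeserialization(object sender)
    {
        // Recreate your connection here
        _mainConnection = new SqlConnection();
        _mainConnection.ConnectionString =
            ConfigurationManager.AppSettings["connStr"];
    }
}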
Scalability: If you are looking for a highly scalable option to store your session
variables, the SQL Server option is for you. It is a much more scalable option than the
others. A web farm architecture can very easily access the session variables because they are
stored in an independent database.
Security: SQL Server is more secure than the in-memory or state server option. You
can protect your data more easily by configuring SQL Server security.
The session state mode can be configured via a <sessionState> tag of the web.config file.
Now, this step-by-step article demonstrates how to configure Microsoft SQL Server for
ASP.NET SQL Server mode session state management.
Job 1: Configuring SQL Server to use ASP.NET's SQL Server Session State
Step 1: Find the SQL script file installed by the .NET SDK and execute it on SQL Server to set up
the database.
Step 2: Double-click the above file to install it on SQL Server. After installation you will get the
following database tables and stored procedures.
Now that we are done with the database setup, let's create a demo web application: a
shopping-cart-like application that lets the user add products to a cart and, at the end,
shows the product list to the user. Suppose you are developing an e-commerce website that uses
multiple servers. How will you manage the sessions? In-process session state lives on a single
server, so on a website using multiple servers you will lose all the
sessions/products that the user selected when a request jumps to another server. No worries: we are using
a centralized server, SQL Server, to manage our sessions. Go ahead and set up a
website.
Job 2: Setup Web Application
First, let's modify our existing web.config file to use SQL Server mode sessions. To
do this, add a connection string that points to the tempdb database.
<connectionStrings>
<add name="tempdbConnectionString1"
connectionString="Data Source=ITORIAN-PC1;Initial Catalog=tempdb;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
Notice the mode attribute in the above code, which is set to SQLServer. Once you are done,
let's set up the website pages.
Case Study: We will create two pages in our website: one will show the product list and
the other will show the selected products. We will call those pages Products.aspx and
Cart.aspx. I'll be using the Northwind database in this project.
Products.aspx Code
<div>
<asp:GridView ID="GridView1" runat="server"
AllowPaging="True" AutoGenerateColumns="False" DataSourceID="SqlDataSource1"
Width="48%" OnSelectedIndexChanged="GridView1_SelectedIndexChanged"
PageSize="5">
<Columns>
<asp:BoundField DataField="ProductName"
HeaderText="ProductName"
SortExpression="ProductName" />
<asp:BoundField DataField="UnitPrice"
HeaderText="UnitPrice"
SortExpression="UnitPrice" />
<asp:CommandField SelectText="Add to cart"
ShowSelectButton="True" />
</Columns>
</asp:GridView>
<asp:HyperLink ID="HyperLink1" runat="server"
NavigateUrl="~/Cart.aspx" Font-Bold="True"
Font-Size="Large">I'm Done, show products</asp:HyperLink>
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:NorthwindConnectionString1 %>"
SelectCommand="SELECT [ProductName],
Cart.aspx Code
<div>
<asp:GridView ID="GridView1" runat="server"
AutoGenerateColumns="False" Width="48%">
<Columns>
<asp:BoundField DataField="productname"
HeaderText="Product Name" />
<asp:BoundField DataField="qty"
HeaderText="Quantity" />
</Columns>
</asp:GridView>
</div>
Cart.aspx.cs Code
protected void Page_Load(object sender, EventArgs e)
{
GridView1.DataSource = (DataSet)Session["sCart"];
GridView1.DataBind();
}
Cost: Because you are storing your data in a SQL Server database, you need to have
a SQL Server license. This can add to overall cost of your Web site.
Serializable data: This method requires that all the data stored in session variables
must be serializable. This may force you to mark your own classes as [Serializable] if you
want to store them in a session.