Session Modes in ASP.Net

As I have mentioned in previous blog, there are 4 session modes: -
1) In-Proc Session Mode
2) State Server Mode
3) SQL Server Mode
4) Custom

We will see details of these states in this blog.

1) In-Proc Session Mode: -
This is default session mode in asp.net. In this mode session state is managed in process and if the process is recycled the state is lost. The main reason to use this mode inspite of state loss is ‘performance’. As the memory is read through process its performance increases. In web.config we have to mention Session mode and also we have to set the Timeout.

<system.Web>
<sessionState mode=”InProc” timeout=”30” />
</system.Web>

This Session TimeOut Setting keeps session alive for 30 minute. We can also adjust timeout in our code by writing

Session.TimeOut = 30

In-Proc mode is mainly useful for small websites and websites which have less number of users.

Advantages: -
1) It store Session data in memory object of current application domain. So accessing data is very fast and data is easily available.
2) Implementation is very easy.

DisAdvantages: -
1) If the process is run again, all data is lost.
2) Inspite of being fastest, more number of users affects performance.

2) StateServer Session Mode: -
This mode is also known as Out-proc session mode. It is independent to IIS and can also run on a separate server. It used as a Windows Service. It is managed by aspnet_state.exe. This server may run on the same system, but it can’t run inside main application domain. It has to run outside of that main application domain where your web application is running. Due to this feature even if process is restarted the session is alive.

By default”Startup Type" of ASP.NET state service is set to manual, we have to set it as "Automatic" startup type. By default this services listen TCP Port 42424, but we can change the port from registry editor. For State Server Setting we need have to specify the stateConnectionString. This will identify the system that is running state server. By default stateConnectionString used ip as 127.0.0.1 (localhost) and Port 42424.

<system.web>
<sessionState mode=”StateServer” stateConnectionString=”tcpip=127.0.0.1:42424” />
</system.web>

We can also set time to wait for the service to respond before cancelling the request. For doing that we need to add stateNetworkTimeout in above code. By default time is 10 seconds.

Advantages: -
1) Its keeps the data separate from IIS so, any Issue with IIS does not affect Session data.

Disadvantages: -
1) Process is slow.
2) State Server needs to be always running.

3) SQL Server Session Mode: -
This session mode provides us more secure and reliable Session management in asp.net. In this session mode, the Session data is serialized and stored in the SQL Server database. If we have to restart server very frequently, we can use SQL Server session mode. If we have to share sessions between two different applications, we can use SQL Server. In SQL server session mode we store data in SQL server so we need to specify database connection string in web.config. For doing this we can use sqlConnectionString attribute. The easiest way to configure SQL Server is using aspnet_regsql command.

To setup SQL Server we need to take help of two sql Script.
a) For Installing: InstallSqlState.sql
b) For Un-Installing: UninstallSQLState.sql

Advantages: -
1) Inspite of restarting IIS session data is not affected.
2) It is most reliable and secure mode.
3) It stores data centrally (i.e. in database).
4) It can be easily used from other application.

Disadvantages: -
1) Process is slow.
2) Here session data is handled in other server so SQL server should always be running.

4) Custom Session Mode: -
Custom session mode is the most interesting mode among all session modes. In
custom session mode we can we have full control on everything. We can even create session ID. For creating session ID we can even write our own algorithm. For creating session ID we need to implement ISessionIDManager. By using SessionStateStoreProviderBase class we can implement custom providers which store session data.

There are few methods which are called during implementation of Custom Session: -
a) Initialize: - We can set custom provider.
b) SetItemExpireCallback: - To set session time out.
c) Initialize request: - It is called on any request.
d) CreateNewStoreData: - Used to create new instance of SessionStateStoreData.

We need to configure our web.config like below,

<sessionState mode=”Custom” customProvider=”AccessProvider”>
<providers>
<add name=”AccessProvider” type=”CustomDataType” />
</providers>
</sessionState>

Advantages: -
1) We can use existing tables to store session data. When we have to use old databases this mode is more useful than SQL server mode.
2) It does not depend on IIS so even if we restart web server it does not affect session data.
3) We can create our own algorithm for generating session ID.

Disadvantages: -
1) Process is slow.
2) Being a low level task it needs to be handled carefully due to reason of security.