Managing Session State in ASP.Net
HTTP is a stateless protocol which means that each request is processed as it comes; after the request has been processed all of the data is discarded. No state is maintained across requests even from the same client.
- What is ASP.Net?
- ASP.Net for PHP Developers
- Creating a Simple ASP.Net Page
- ASP.Net Website Navigation Using a SiteMap
- Using ASP.Net Master Pages and Content Pages
- Validating Input using ASP.Net
- Tracing and Remote Debug in ASP.Net
- Creating Custom Error Pages with ASP.Net
- Managing Session State in ASP.Net
- Using Themes and Skins in ASP.Net
- Creating User Controls in ASP.Net
- Difference between ASP.Net User and Custom Server Controls
- Creating Fully Themable Websites with ASP.Net
- Ultimate Guide to the Web.Config File
- Adding StyleSheets to ASP.Net via C#
- Extending the Web Sitemap Xml Document
ASP.Net provides a set of functionality to maintain state which can be managed by the client or the server.
Imagine a web form (name.aspx) that asks for a name and shows that name on another page (hello.aspx). In a stateless environment (figure 1) hello.aspx does not know about the information from name.aspx because the data has been discarded. Figure 2 illustrates that in a managed state environment hello.aspx is aware of the data entered.
Types of State Management
|Server Side||Client Side|
Information is available to all users of a web application.
Text files store information to maintain state. The cookie is sent to the server with the information on each page request.
Information is only available to a user of a specific session
Retains values between multiple request for the same page.
SQL Server can store and maintain state on a website.
Information is encrypted and appended to the end of a URL.
Session ID and Cookies
A session in ASP.Net is identified with a SessionID string which is by default stored as a cookie on the client's computer; however, they are less reliable than server side management options since cookies can be deleted or modified by the user, or cookies can be disabled. If cookies have been disabled by a client then session state cannot be maintained using this method and you should use query strings instead.
Query Strings (cookieless)
If cookies cannot be used to store the SessionID then query strings must be used instead. This involved storing the session id within the URL of the page being requested. This is done automatically by the ASP.Net managed code, but it does mean that you cannot generate URLs yourself - they must all come from ASP.Net components.
An example of a query string is
There are a number of issues with using query strings including search engines, duplicate URLs and the possibility of session id tampering. Because there is a limit of 255 characters for the length of a URL you are also limited to the amount of information that can be stored within a query string id.
To enable cookieless state management you need to set the sessionState section of the web config:
<sessionState cookieless="true" />
Application state is a global storage mechanism accessible from all pages by all users in the web application. Application state can be set and accessed using the Application object.
int numberVisitors = Application["NumberOfVisitors"]; Application["SiteName"] = "My Website Title";
Session state is a storage mechanism accessible by the user of a single session. Data cannot be transferred between sessions, nor can one session access the data of another session. Session State should be used to store information about a user or connection and can be accessed or set using the Session object.
Session["UserName"] = LoginForm.Username.Text; Response.Write("Hello " + Session["UserName"]);
Session State requires that a session cookie be loaded onto the clients computer, or a cookie-less implementation involving query strings be used.
By default, the session state information is stored within the process. The advantage is that it is quickly accessible; however, this does not lead to a scalable application. In order to create a scalable session state management process, state data can be stored within a SQL Server database known as a state server.
To enable state servers you need to change the sessionState section of the web.config file.
<sessionState mode="SQLServer" sqlConnectionString="data source=sqlServerName; Integrated security =true" />
On the SQL server you need to prepare it to act as a session server by invoking this command on the command line:
C:\OSQL -S SqlServerName -E InstallSqlState.sql
Where SqlServerName is the name of the server. This command will execute the commands within the InstallSqlState file to create the databases and tables required.
ViewState is used to store the values submitted on a form and only works between requests of the same page. Viewstate is most useful when a form is submitted and presented to the user a second time, maybe to correct an error, and the controls retain the information entered the first time. Without ViewState these value would have been lost.
Last updated on: Friday 8th September 2017
There are no comments for this post. Be the first!