Session State (Server-side) - asp.net

Ok I'm sure this is pretty obvious. But when you say session state is persisted on the "server" in memory, are we talking about IIS or what? When I think of Server-side session State, I think memory in terms of IIS app pools and such. Am I off base or missing anything here?
http://msdn.microsoft.com/en-us/library/75x4ha6s.aspx
the term "server" could mean many things. Sure it's "server-side" but what specific process / memory / area / app on the server are we talking about (IIS only? other?)
I wish MS would have explained what they mean because that's pretty relative.
Specifically this, "store on server"
Storing Data on the Server (in memory)
• Session state
• Application state
• Profile Properties
so "on the server" where in memory and what process/app is handling each of these?

" Sure it's "server-side" but what specific process / memory / area / app on the server are we talking about (IIS only? other?)"
Each site runs in an application pool and each application pool is basically a process on your web server. If your session is configured to be in process, your session objects will be stored in that process' memory

It depends. By default it's in the worker process memory, but it can be on a dedicated state server or in SQL or your own custom provider.
From MSDN:
ASP.NET session state supports several different storage options for session data. Each option is identified by a value in the SessionStateMode enumeration. The following list describes the available session state modes:
InProc mode, which stores session state in memory on the Web server. This is the default.
StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
SQLServer mode stores session state in a SQL Server database. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
Custom mode, which enables you to specify a custom storage provider.
Off mode, which disables session state.

ASP.NET is just a framework; it's a collection of classes, and they execute code. It's this code that provides you with session state, and it stores the information about your session state in some objects, just like a dictionary or similar.
(When doing In Proc, then you have state server, sql server, and custom, where custom can be anything as long as someone has written some code implementing the right interfaces)

Related

Where are sessions stored in ASP.net MVC 5 applications?

I'm working on an ASP.net 4 web application using MVC5. I'm curious as to where sessions are stored in the default application scaffold running locally and whether there's any configuration available.
The session is configured on web.config. By default is saved on memory and a service that runs on server is handle that. Other way is to save it on a database...
This is the Session-State Modes... from MSDN:
InProc mode, which stores session state in memory on the Web server. This is the default.
StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
SQLServer mode stores session state in a SQL Server database. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
Custom mode, which enables you to specify a custom storage provider.
Off mode, which disables session state.

Stop Session Expiring on App Restart

We constantly deploy updates to our application
However each deploy terminates all user sessions.
I want to implement a session system that doesnt have this issue using cookies or similar.
What is the best approach?
There are basically four ways of handling session (from MSDN):
InProc mode, which stores session state in memory on the Web server. This is the default.
StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is
preserved if the Web application is restarted and also makes session
state available to multiple Web servers in a Web farm.
SQLServer mode stores session state in a SQL Server database. This ensures that session state is preserved if the Web application is
restarted and also makes session state available to multiple Web
servers in a Web farm.
Custom mode, which enables you to specify a custom storage provider.
You are, most likely, using In Process session (the first one listed) which is causing the session drops during the deployment process.
Moving to any of the others would meet your requirement, but none are instance and they all have upsides and downsides, so you'd need to pick the one that meets your (and your organizations) needs.

what are different types of sessions in ASP.NET

Here I want to know different types of Session in ASP.NET and not Session States. That was the question asked in an interview.
Session-State modes are 5 type:
InProc mode: which stores session state in memory on the Web server. This is the default.
StateServer mode: which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
SQLServer mode stores session state in a SQL Server database. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
Custom mode: which enables you to specify a custom storage provider.
Off mode: which disables session state.
Check the detail. https://msdn.microsoft.com/en-us/library/ms178586.aspx
Typical sessions are based on a cookie. The server gives you one, you send it to the server upon every request. However, Asp.net allows you a different type of sessions as well - cookieless sessions. The session id is then "stored" in the URL address. This technique is very dangerous if used improperly.
Would definitely need more clarification from the OP. I feel the terms are being used inter-changeably.
By nature web is state-less. To overcome this ASP.Net provides several state management options like viewstate, controlstate etc. Session State is one of these options.
ASP.NET session state supports several storage options for session variables. Each option is identified as a session-state mode type. There are four mode types or just modes. In-Process mode, State Server mode, SQL Server mode, Custom mode and Off mode. These are modes. In-Process mode uses memory as session storage. State Server mode uses state-server as session storage. And so on. Besides, when a mode is specified by way of web.config, some additional parameters are also required like connectionstring, timeout etc. One of these parameters is "cookieless" for which the default value is "AutoDetect". If specified as "true", it will embed the ID in url. (As explained by #naivists). Cookieless option can be used with any mode.
This is all what there is to ASP.Net Session. I feel there is just some confusion on terms state, mode, mode type, storage etc. being used interchangeably. Apart from that there should be no other separate thing as "session type".
There are three kinds of session, and they are listed as follows
Inprocess.
Outprocess.
Sql server session.
where they are stored.
inproc - default stored in web.config.
outproc - stored in server side.
Sql server - stored in database.
You have following types of session management in asp.net which you can define in your web.config file
Session mode="inproc"...means the session will be stored on the webserver within your application
session mode="outproc"....means session will be stored on the server outside your application
session mode="stateserver"...means session will be stored in a temporary memory in the database
session mode="sqlserver"...means session will be stored in the database permanently.
three types of session in asp.net.
inprocess session
out Process session
SQl-server session

What is and why use Session Mode : SQL Server Mode?

I want to know in which situation i am use this mode ?
Sql Server Mode is one way to handle sessions inside of a web farm for example. If you were to use in proc session state inside of a web farm, you would not be able to share a session over many boxes. Using Sql Server for the storage of the session means that you can load balance your users over the servers inside of the web farm and the session can be retrieved externally, inside of SQL Server. So one web server would allow you to use in proc session state. With many servers you need to store the session state in a common place so all web servers can see the same one.
It's mainly used when you want to use your app on a web farm, web garden, or cluster. Since page requests can come from multiple processes or computers, you can't use an in-process session state provider.
http://idunno.org/articles/277.aspx

Load balancing with IIS and ASP .Net

Greetings,
What do I have to consider when you are coding an ASP .Net website in regards to if the application will run in a environment where there is a load balancer for the IIS?
All user sessions are running by them self with no shared data between sessions. Single connections to MSSQL. Images and files for download will be hosted on one single server.
Windows Server 2008's, C# and .Net 4.0.
The most obvious item is session state. If you are load balancing, multiple requests from the same user may move between servers. The default session provider for ASP.NET (in-proc) doesn't support this (the user would get a new session each time they moved). The easiest solutions are to move to a ASP.NET state server or SQL Server sessions.
FYI: Both of these solutions require that everything that you put into Session be [Serializable]. The in-proc provider doesn't have this requirement, so you may see some runtime errors and need to modify your code when you change providers.
You're going to need to move your session state into the session state service. Avoid keeping objects in session...if you must keep an object in session, make sure it's marked with the Serializable attribute (this is how it is stored, by serialization).
In general, avoid using Sessions. Keep in mind that ASP.Net Session != FormAuthentication. Chances are that your database will be a bottleneck long before the web server, depending on the nature of the application.

Resources