I have my default website in IIS7 bound to an ASP.NET application. This application is using the ASP.NET State Server to store session data. I would like to add an additional ASP.NET MVC application to this website. Is it possible to share the session between these two applications using the state server? I've read that there are ways to do it storing session data in SQL Server, but I can't find any documentation on doing it with the state server.
Thanks,
Nathan
Best advice I have to to switch to SQL Server for the session state store. It's not difficult to set up if you already have SQL Available and use the following technique:
Sharing sessions across applications using the ASP.NET Session State Service
For this situation you are probably best to write your own custom session state provider that runs on a SQL database.
details are here:
http://msdn.microsoft.com/en-us/library/aa479034.aspx
the reason i'd write a custom provider is because simply settings up an SQL session provider will not be enough as the applications will use different session keys and therefore will not share state between them. by writing your own session provider you can have fine grained control over the whole process and therefore override the checks in place using the default sql session provider.
Related
I was wondering if in ASP.NET MVC5 are the session's identifiers Protected by default ? ( like example are the session IDs are not recoverable via JavaScript or any other browser scripts?)
Also ,does the server side offer security concerning the storage of information?
I was wondering if those features comes by default in the MV5 asp.net framework , or should I implement my own security measures
Because if we read the MSDN
inProc mode, which stores session state in memory on the Web server. This is the default.
StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.
But the real question is , are they encrypted by default?
thank you
All session data in the MVC frameworks are stored on server side . By means , if you want to secure them .Try encrypting them locally so once they get transferred to the server they remain secured more details are explained here :
https://msdn.microsoft.com/en-us/library/ms178586.aspx
In my .NET application i kinda need a session provider which is persistent like Sql Server Session Provider but also provides good performance like InProc Session Provider.
So the idea that i come up with is , to keep session data in memory cache of the application but also use a background thread to store/update it at sql server database. In case, IIS application recycles or somehow the data in memory cache is lost, we will fetch session data from database into memory cache again.
I need to implement a custom session provider which works the way i explained above.However i dont know, if it is good idea or a bad one. I have searched online but there are not many custom session providers.
Any suggestions?
As a future reference, i think what you were asking is basically use the Session State with Sql Server In-Memory. Have a look to the following guide: ASP.NET Session State Provider for SQL Server In-Memory OLTP.
Cheers
I want to know in which situation i am use this mode ?
Sql Server Mode is one way to handle sessions inside of a web farm for example. If you were to use in proc session state inside of a web farm, you would not be able to share a session over many boxes. Using Sql Server for the storage of the session means that you can load balance your users over the servers inside of the web farm and the session can be retrieved externally, inside of SQL Server. So one web server would allow you to use in proc session state. With many servers you need to store the session state in a common place so all web servers can see the same one.
It's mainly used when you want to use your app on a web farm, web garden, or cluster. Since page requests can come from multiple processes or computers, you can't use an in-process session state provider.
http://idunno.org/articles/277.aspx
Greetings,
What do I have to consider when you are coding an ASP .Net website in regards to if the application will run in a environment where there is a load balancer for the IIS?
All user sessions are running by them self with no shared data between sessions. Single connections to MSSQL. Images and files for download will be hosted on one single server.
Windows Server 2008's, C# and .Net 4.0.
The most obvious item is session state. If you are load balancing, multiple requests from the same user may move between servers. The default session provider for ASP.NET (in-proc) doesn't support this (the user would get a new session each time they moved). The easiest solutions are to move to a ASP.NET state server or SQL Server sessions.
FYI: Both of these solutions require that everything that you put into Session be [Serializable]. The in-proc provider doesn't have this requirement, so you may see some runtime errors and need to modify your code when you change providers.
You're going to need to move your session state into the session state service. Avoid keeping objects in session...if you must keep an object in session, make sure it's marked with the Serializable attribute (this is how it is stored, by serialization).
In general, avoid using Sessions. Keep in mind that ASP.Net Session != FormAuthentication. Chances are that your database will be a bottleneck long before the web server, depending on the nature of the application.
I have a need to maintain the session state in the database. However I cannot access the database directly from the web server. The web server communicates with an app server which in turn has access to the database.
Is there a way to configure this? Or does a custom component have to be written.
The reason for this setup is to allow for load balancing and to allow the session of a user to be redirected from one server to another.
Use the ASP.NET Session State service, You can run this service directly on your app server - see notes on MSDN here - and configure all your web hosts to store their user session state on that central state server. The ASP.NET Session State service stores sessions in memory on the app server, and doesn't require a SQL Server database.
Note that if you think you need to store sessions in the database because you are using more than one web server, that is not the case: you can use StateServer. That means you enable the session state service on one machine and set up that machine in the web.config of all your web servers so that they all use the same machine for state.
Your only option is to build a custom component.
They really aren't that difficult to do as the only thing you need is for the browser to send you a value from either a cookie or the query string. What's stored is simply name value pairs.
see http://msdn.microsoft.com/en-us/library/aa479034.aspx
You can write a custom SessionState provider.. I think it's the only way.. Have a look on MSDN here.