Managing Session State - asp.net

I have a need to maintain the session state in the database. However I cannot access the database directly from the web server. The web server communicates with an app server which in turn has access to the database.
Is there a way to configure this? Or does a custom component have to be written?
The reason for this setup is to allow for load balancing and to allow the session of a user to be redirected from one server to another.

Use the ASP.NET Session State service. You can run this service directly on your app server - see notes on MSDN here - and configure all your web hosts to store their user session state on that central state server. The ASP.NET Session State service stores sessions in memory on the app server, and doesn't require a SQL Server database.

Note that if you think you need to store sessions in the database because you are using more than one web server, that is not the case: you can use StateServer. That means you enable the session state service on one machine and set up that machine in the web.config of all your web servers so that they all use the same machine for state.
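The StateServer setup these answers describe, as an added web.config example (not from the original answers). The host name `appserver.example.internal` and the timeout values are assumptions; 42424 is the state service's default port.

```xml
<!-- web.config on every web server in the farm -->
<configuration>
  <system.web>
    <!-- Before: the default. Sessions live in each worker process, so a
         request that lands on another web server sees an empty session.
    <sessionState mode="InProc" timeout="20" />
    -->

    <!-- After: every web server stores session data in the state service
         running on the app server (placeholder host name). -->
    <sessionState mode="StateServer"
                  stateConnectionString="tcpip=appserver.example.internal:42424"
                  stateNetworkTimeout="10"
                  cookieless="UseCookies"
                  timeout="20" />
  </system.web>
</configuration>
<!--
  On the app server:
  1. Start the "ASP.NET State Service" (aspnet_state) and set it to start
     automatically.
  2. Allow remote connections: set the DWORD value AllowRemoteConnection = 1
     under HKLM\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters,
     then restart the service.
  3. The service does not authenticate callers or encrypt traffic, so
     firewall port 42424 so that only the web servers can reach it.
-->
```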

Your only option is to build a custom component.
They really aren't that difficult to do as the only thing you need is for the browser to send you a value from either a cookie or the query string. What's stored is simply name value pairs.
see http://msdn.microsoft.com/en-us/library/aa479034.aspx

You can write a custom SessionState provider. I think it's the only way. Have a look on MSDN here.

Related

User Authentication over multiple Webservers in azure

I have an ASP.NET Application which runs on multiple Web Servers in Azure (these are all virtual machines and not Azure Websites).
If a user logs himself in (currently forms authentication) everything is fine but if he clicks on a link he might get redirected to another server in the server group where the session cookie is not set.
How could that be solved in azure so that a user is logged in on all machines or is there a way to "bind" a user to a specific server so that he won't jump between the servers?
Thanks for your help!
metabolic
You have to change the session state to be saved in an external persistence solution, like SQL Server or Redis, instead of InProc (which means in memory) which is the setting you have now. The steps to do that are described here for SQL Server. Then if someone ends up in a different server, he'll still be authenticated as the session will be loaded from the persistence solution.

What is and why use Session Mode : SQL Server Mode?

I want to know in which situations I would use this mode.
Sql Server Mode is one way to handle sessions inside of a web farm for example. If you were to use in proc session state inside of a web farm, you would not be able to share a session over many boxes. Using Sql Server for the storage of the session means that you can load balance your users over the servers inside of the web farm and the session can be retrieved externally, inside of SQL Server. So one web server would allow you to use in proc session state. With many servers you need to store the session state in a common place so all web servers can see the same one.
It's mainly used when you want to use your app on a web farm, web garden, or cluster. Since page requests can come from multiple processes or computers, you can't use an in-process session state provider.
http://idunno.org/articles/277.aspx

Load balancing with IIS and ASP .Net

Greetings,
What do I have to consider when coding an ASP .Net website if the application will run in an environment where there is a load balancer for the IIS?
All user sessions run by themselves with no shared data between sessions. Single connections to MSSQL. Images and files for download will be hosted on one single server.
Windows Server 2008's, C# and .Net 4.0.
The most obvious item is session state. If you are load balancing, multiple requests from the same user may move between servers. The default session provider for ASP.NET (in-proc) doesn't support this (the user would get a new session each time they moved). The easiest solutions are to move to an ASP.NET state server or SQL Server sessions.
FYI: Both of these solutions require that everything that you put into Session be [Serializable]. The in-proc provider doesn't have this requirement, so you may see some runtime errors and need to modify your code when you change providers.
You're going to need to move your session state into the session state service. Avoid keeping objects in session...if you must keep an object in session, make sure it's marked with the Serializable attribute (this is how it is stored, by serialization).
In general, avoid using Sessions. Keep in mind that ASP.Net Session != FormAuthentication. Chances are that your database will be a bottleneck long before the web server, depending on the nature of the application.

IIS7: Sharing Sessions Between Applications With State Server

I have my default website in IIS7 bound to an ASP.NET application. This application is using the ASP.NET State Server to store session data. I would like to add an additional ASP.NET MVC application to this website. Is it possible to share the session between these two applications using the state server? I've read that there are ways to do it storing session data in SQL Server, but I can't find any documentation on doing it with the state server.
Thanks,
Nathan
Best advice I have is to switch to SQL Server for the session state store. It's not difficult to set up if you already have SQL available and use the following technique:
Sharing sessions across applications using the ASP.NET Session State Service
For this situation you are probably best to write your own custom session state provider that runs on a SQL database.
Details are here:
http://msdn.microsoft.com/en-us/library/aa479034.aspx
The reason I'd write a custom provider is because simply setting up an SQL session provider will not be enough, as the applications will use different session keys and therefore will not share state between them. By writing your own session provider you can have fine-grained control over the whole process and therefore override the checks in place using the default SQL session provider.

Session in Asp.net

When we add a variable to ASP.NET Session, where are those variables actually stored on the client side?
If you are using the default session in ASP.NET then it is stored in memory inside the ASP.NET worker process. It is a server side cache, nothing at all to do with the client.
There are other session store options available such as dedicated session state machine or sql server. You can also roll your own session provider.
All explained here http://msdn.microsoft.com/en-us/library/ms972429.aspx
The client is given a cookie to identify it (ASP.NET_SessionId) but all the values are stored on the server.
If you use Firebug or Fiddler you can see this being set. You can see what the value is by using Session.SessionID.ToString()
As redsquare suggests, the default configuration is to store all the values in the memory of the server (one reason to limit what you store in session) but you can also store it in SQL Server, state server or your own provider if you wish.
If you alter the value in the identifying cookie then it will alter who the server thinks you are when it comes to returning session variables. We use this feature to help us debug what is in users' sessions.
I think also the identifying session cookie has a property called something like HttpReadOnly set so it cannot be read from javascript for security reasons.
The session is stored on the web server and not the client. ASP.NET usually stores a key to the session in a cookie and uses this to identify your session next time you contact the web server.
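Because the `ASP.NET_SessionId` value alone decides which session the server loads, as the answers above describe, how that value is transported matters. An added web.config example (not from the original answers) contrasting a loose configuration with a hardened one; it assumes the site is served over HTTPS, and the timeout value is illustrative.

```xml
<configuration>
  <system.web>
    <!-- Loose: the session ID is embedded in the URL, where it ends up in
         server logs, Referer headers and shared links, and cookies may be
         sent over plain HTTP and read by script.
    <sessionState cookieless="UseUri" />
    <httpCookies httpOnlyCookies="false" requireSSL="false" />
    -->

    <!-- Hardened: the session ID travels only in a cookie, and cookies
         issued by the application default to HttpOnly (not readable from
         JavaScript) and Secure (sent only over HTTPS). -->
    <sessionState cookieless="UseCookies" timeout="20" />
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```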
