There are different ways to store session in Asp.Net. You can choose any option based on your application requirements.

 

Asp.Net 3.5 provides five different modes to store session state. Those are Off, InProc, StateServer, SQLServer, Custom. By default Asp.Net takes InProc as default mod to store session state. Here we discuss about each mode in-detail.

 

Session State Mode Off:

You can apply this option whenever you application not using session to store any data. That means by applying session mode to Off, you are disabling session for your application. You can set session mode to Off in your application by adding sessionState element in your web.config file and making mode attribute to Off as shown below.

 

<system.web>

 

    <sessionStatemode="Off"/>

 

………………………….

 

</system.web>

 

 

Session State mode InProc:

This is default session state mode in Asp.Net. In this mode session state stored in memory in the same process as Asp.Net process runs. The advantage of session state mode InProc is by using this mode your application becomes very fast because it picks the session state information very quickly (because it is in the same process).

 

You can set session state as InProc in web.config file as shown below.

 

<system.web>

 

    <sessionStatemode="InProc"timeout="120" />

 

………………………….

 

</system.web>

 

Here timeout is number of minutes session has to store the information (after timeout you lost all information stored in session).

 

But there are some disadvantages by using session mode as InProc. First one is, by storing the session state in InProc (that means in same process as Asp.Net Process runs) if your application restarts, then all session information lost. Second disadvantage is, whenever you use session state mode as InProc, that means if you store session state within the web server you cannot run your application on a web farm (that means you cannot run your application on multiple server).

 

You can avoid all these disadvantages by changing the session state mode to other options.

 

Session State mode StateServer:

If you change the session state mode to StateServer, session stores in window NT process instead of Asp.Net Process. That means your isolating the session state from your application. Even though your application restarts, you will not lose any session information. You can store the session information in window NT process of same server or different server by changing session mode to StateServer. By storing the session information in window NT process of different server, you can make application to run on web farm.

 

For example if you want to run your application on web farm which has five servers, in those servers you can use one server to store the session state and remaining will use that server for session information by applying proper settings.

 

You have to make two things to run your application on session state mode StateServer.

 

First one, you have to start the ASP.NET State Service. You can do it by entering Services.msc in your run window and press enter, then services window prompt. Now start the ASP.NET State Service and change the Startup Type to Automatic so that the service starts automatically every time that you reboot your machine as shown below.

 

 

 

Second one, you have to configure your application to work on session state mode StateServer. For that make changes to web.config file as shown below.

 

<system.web>

 

  <sessionStatemode="StateServer" stateConnectionString="tcpip=localhost:81" stateNetworkTimeout="10" /> 

 

    <machineKeydecryption="AES"validation="SHA1"     decryptionKey="A2CF54CF844940C08D44BB251D4045E72B8042AD7B8B6543267D56DFFF9141CF"    validationKey="EDD897FE43DB7AF34BD189351F8ACE8A478486A1C0E3C3944FBFF466294BCE26EE4

                     62596DA599AD48F1A0C99C9A92CEB414281FEFAAD233222A9547ED095F805"

    />

 

………………………….

 

</system.web>

 

As shown above, you have to mention connection string for stateConnectionString attribute if you want to store session state in other web server window NT process. And we included the machineKey element in web.config file. If you want to run your application (on web farm), and you need to use the same State Server to store Session state all other servers in web farm. For that you need to specify explicit encryption and validation keys. You need not to include a machineKey element when the State Server is hosted on the same machine as your ASP.NET application. I will explain in next article about machinekey, about decryption, validation attributes and how to generate decryption and validation keys.

 

If your application is running under session state mode InProc and you want to shift it State Server mode, no need to change anything in your code. Just apply the settings as mentioned above.  

 

Session State mode SQLServer:

You can store session state information in your SQL Server data base by applying session state mode to SQLServer. It will give same advantages as StateServer mode gives.

 

To store session state in SQL Server, you have to complete following steps. First one, configure your data base server to support SQL Server session state and second one, configure your application to use SQL Server Session state.

 

To add necessary tables in your data base to store session state, you can use aspnet_regsql tool which is generally located at C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe.

 

Execute the following command on your server by mentioning the your data base server name.

 

aspnet_regsql -C “Data Source=localhost;Integrated Security=True” –ssadd

 

Here I mentioned my data base server name as localhost. By executing above command, a new data base ASPState is created with necessary tables and stored procedures in given data base server.By default session state stored in tempDB database, to change the session storage data base to ASPState execute following command.

 

aspnet_regsql -C “Data Source=localhost;Integrated Security=True” -ssadd -sstype p

 

Notice that this command includes a -sstype p switch. The p stands for persistent. Session state that is stored in the ASPState database is called persistent Session state because it survives database server restarts.

 

If you want to store Session state in a custom database, execute following command to store Session state in a database named MyDataBase.

 

aspnet_regsql -C “Data Source=localhost;Integrated Security=True”-ssadd -sstype c -d MyDataBase

 

By executing this command creates a new database named MyDataBase that contains both the tables and stored procedures for storing Session state. Notice that the -sstype switch has the value c for custom. The command also includes a -d switch that enables you to specify the name of the new database.

 

If you want to remove the Session state tables and stored procedures from a server, then you can execute the following command:

 

aspnet_regsql -C “Data Source=localhost;Integrated Security=True” –ssremove

 

Executing this command removes the ASPState database. It does not remove a custom Session state database. You must remove a custom database manually.

 

After configuring your data base to store session state, now configure your application to store session state by making changes to web.config file as shown below.

 

<system.web>

 

    <sessionStatemode="SQLServer"sqlConnectionString="Data Source=localhost;Integrated Security=True"sqlCommandTimeout="30" />

 

    <machineKeydecryption="AES"validation="SHA1"

    decryptionKey="A2CF54CF844940C08D44BB251D4045E72B8042AD7B8B6543267D56DFFF9141CF"    validationKey="EDD897FE43DB7AF34BD189351F8ACE8A478486A1C0E3C3944FBFF466294BCE26EE4

                      62596DA599AD48F1A0C99C9A92CEB414281FEFAAD233222A9547ED095F805"

   />

 

………………………….

</system.web>

 

Pass your ASPState data base connection string where you are storing the session state information for sqlConnectionString attribute and timeout period for sqlCommandTimeout.

 

If you want to store session state in custom data base change sqlConnectionString and apply allowCustomSqlDatabase attribute as true as shown below.

 

<system.web>

 

<sessionStatemode="SQLServer"sqlConnectionString="Data Source=YourServer;Integrated Security=True;database=MyDataBase"sqlCommandTimeout="30"allowCustomSqlDatabase="true"/>

 

   <machineKeydecryption="AES"validation="SHA1"

    decryptionKey="A2CF54CF844940C08D44BB251D4045E72B8042AD7B8B6543267D56DFFF9141CF"    validationKey="EDD897FE43DB7AF34BD189351F8ACE8A478486A1C0E3C3944FBFF466294BCE26EE4

                     62596DA599AD48F1A0C99C9A92CEB414281FEFAAD233222A9547ED095F805"

     />

 

………………………….

 

</system.web>

 

Enabling SQL Server session state requires no application code changes. You can initially build your application using in-process Session state and, when you have the requirement, you can switch to SQL Server Session state.