ASP. NET session Status

1. ASP. NET session Status
2. session Status Mode
3. ASP. NET shares sessions among different applications
4. session loss without reason
5. The client uses cookieless to store session information.
6. Fixed session. sessionid

1. ASP. NET session Status

Session status can be used in the following scenarios: To store short-term information specific to a separate session, and requires high security. Do not store a large amount of information in the session state. Note thatProgramCreates and maintains session State objects for the lifetime of each session. In applications that support many users, this may occupy a large amount of server resources and affect scalability. * P1

ASP. net stores session information in the memory space of ASP. NET applications by default. You can use an independent service to store session information to restart ASP.. NET application, the session information is retained, or the session information is stored in SQL server so that the session information can be used by multiple Web servers in the network farm (restart ASP. ), or store session information in the Custom Data storage area. For more information, see session Status mode.

In addition to session Status, ASP. NET also provides other methods to retain data in applications. For comparison of each method, see ASP. NET status management suggestions. * P2

Note:
* P1: ASP. NET state management recommended http://msdn.microsoft.com/zh-cn/library/z1hkazw7 (V = vs.80). aspx
* P2: ASP. NET session state http://msdn.microsoft.com/zh-cn/library/87069683 (V = vs.80). aspx

2. session Status Mode

ASP. NET session Status supports several storage options for session data. Each option is identified by a value in the sessionstatemode enumeration. The following list describes available session Status modes:

 

• Inproc mode, which stores the session Status in the memory of the Web server. This is the default setting. Note: It is the only mode that supports session_onend events.

• StateServer mode, which stores the session status in a separate process named ASP. NET status service. This ensures that the session status is retained when the web application is restarted and the session status can be used on multiple Web servers in the network farm. Note: If the mode is set to StateServer, the objects stored in the session state must be serializable.
• Sqlserver mode: stores session status in an SQL Server database. This ensures that the session status is retained when the web application is restarted and the session status can be used on multiple Web servers in the network farm. Note: For SQL SERVER mode, objects stored in session state must be serializable.
• Custom mode, which allows you to specify a custom storage provider.
• Off mode. This Mode disables the session status.

By allocating a sessionstatemode enumeration value to the mode attribute of the sessionstate element in the web. config file of the application program, you can specify the mode for using the ASP. NET session status. In addition to inproc and off, parameters are required for other modes, such as the connection string value discussed later in this topic. You can view the selected session status by accessing the value of the system. Web. sessionstate. httpsessionstate. mode attribute. * P3

Note:
* P3: session state mode http://msdn.microsoft.com/zh-cn/library/ms178586 (V = vs.80). aspx

3. ASP. NET shares sessions among different applications* P4

How to centralize identity authentication and authorization processes for multiple independent applications

Solution 1:
Every independent web application is put into a unified solution, which is complicated and easy to use.

Solution 2: Use session sharing
In inproc mode, sessions are stored in IIS processes, and each virtual directory is isolated, so sessions cannot be shared.

In StateServer mode, although they are independent State servers (processes), these applications are still isolated in the memory.

Sqlserver mode. Because all session operations are performed by stored procedures and the stored procedure is not encrypted, you can share the stored procedure by modifying the internal structure of the stored procedure.

The aspstate database aspstatetempapplications table stores application information. Each application registers a record at startup, including the Application ID.AlgorithmGenerated) and Application name. The number of applications corresponding to the number of records in this table. What we need to do now is to convert these records into one record, that is, to cheat the framework and make it think that these different applications are the same application.

The tempgetappid stored procedure is used to obtain the application ID information by passing the application name. When each application calls this process, it will go to aspstatetempapplications to check whether there is a corresponding record. If not, it will insert the record and return the corresponding ID.

Alter   Procedure   [ DBO ] . [ Tempgetappid ]
@ Appname Tappname,
@ Appid Int Output
As
Set   @ Appname   =   Lower ( @ Appname )
-- The variable value is fixed so that all applications are used as one
Set   @ Appname   =   ' /Lm/w3svc/650056020/root/personnel/share '
Set   @ Appid   =   Null

Select @ Appid =Appid
From [Tempdb]. DBO. aspstatetempapplications
WhereAppname= @ Appname

Note:
* P4: ASP. NET Sharing Session http://www.3qsoft.com/Article.aspx between different applications? Id = 173

4. session loss without reason* P5

Mode = "inproc"
=
The default configuration method is easy to lose the session. For more information, see

Working principle of session in ASP:
ASP sessions are process-dependent. The ASP sessionstate is stored in the iisprogress, and the program inetinfo.exe is also used. When the inetinfo.exe process crashes, the information is lost. In addition, restarting or disabling the IIS service will cause information loss.

Cause 1:
Files in the bin directory are rewritten. Asp.net has a mechanism. To ensure that the system runs normally after the DLL is re-compiled, it restarts a website process, which will cause session loss, therefore, if an Access database is in the bin directory or another file is rewritten by the system, session loss occurs.

Cause 2:
In the folder option, if the "Open folder window in a separate process" is not opened, once a new window is created, the system may consider it as a new session and cannot access the original session, therefore, you must enable this option. Otherwise, the session will be lost.

Cause 3:
It seems that most of the session loss is caused by the client, so you have to start from the client to see if the cookie has been opened.

Cause 4:
Is there a problem with the session time settings? Will it be lost due to timeout?

Cause 5:
The maximum number of cookies in IE (20 cookies per domain) may cause session loss.

Cause 6:
The Web garden mode and inproc mode are used to save the session

Solving lost experiences
1. Determine if it is caused by cause 1. You can track the modification time of a file in the bin every time you refresh the page.
2. for session read and write logs, each read and write session must be recorded, and the session operations of sessionid, session value, page, current function, and function must be recorded, this makes it much easier to find out the cause of the loss.
3. If this is allowed, we recommend that you use state server or SQL Server to save the session, which is not easy to lose.
4. AddCodeRecord the session creation time and end time. The session loss caused by timeout can be recorded in sessionend.
5. If some code uses client scripts, such as JavaScript to maintain the session status, you should try to debug the script to check whether the session is lost due to a script error.

Q: Why is the session occasionally lost on some machines?
A: It may be related to the machine environment, such as firewall or anti-virus software. Try to disable the firewall.

Q: Why didn't the session_end method be activated when session. Abandon is called?
A: The session_end method only supports sessions of the inproc (in-process) type. Second, to stimulate the session_end method, there must be a session (that is, the session has been used in the system), and at least one request must be completed (this method will be called in this request ).

Q: Why is session frequently lost in inproc mode?
A: This problem is usually caused by application recycling. When an in-process session is used, the session is saved in the aspnet_wp process, when the process is recycled, the session will naturally disappear. To determine whether the process is recycled, you can obtain information by viewing the System Event Viewer.
For more information, see:
Session variables are lost intermittently in ASP. NET Applications
Http://support.microsoft.com/default.aspx? SCID = KB; en-US; q2017148
At 1.0, a bug also causes the worker process to be recycled and restarted. The bug has been fixed in 1.1 and SP2.
For more information about this bug, see:
ASP. NET Worker Process (aspnet_wp.exe) is recycled unexpectedly.
Http://support.microsoft.com/default.aspx? SCID = KB; en-US; q321792

Q: What types of objects can be stored in the session?
A: This depends on the session mode. When using an inproc session, you can easily save any object. If you use the non-inproc mode, you can only save the objects that can be serialized and deserialized. If the stored objects do not support serialization, they cannot be saved to this mode (non-inproc).

Q: Why can't I use the response. Redirect and server. transfer methods to jump to the page in session_end?
A: session_end is an event processing function that is triggered inside the server. It is based on the Internal timer of a server. When the event is triggered, there is no related httprequest object on the server. Therefore, the response. Redirect and server. transfer methods cannot be used at this time.

Q: Can I obtain the httpcontext object in session_end?
A: No, because this event is not associated with any request and is not based on the request context.

Q: How do I use session in Web service?
A: To use a session in a web service, you need to do some additional work on the web service caller. You must save and store the cookies used to call the web service. For more information, see the httpwebclientprotocol. cookiecontainer attribute in the msdn document. However, if you use a proxy server to access the Web service due to framework restrictions, the two cannot share sessions.

Q: When I use webfarm, why is the session lost when I redirect to another Web server?
A: For more information, see:
PRB: session state is lost in Web farm if you use sqlserver or StateServer session Mode
Http://support.microsoft.com/default.aspx? SCID = KB; en-US; 325056

Q: Are sessions valid in global. asax events?
A: The session is valid only after the acquirerequeststate event. All events after the event can use the session.

Q: Does the session provide a locking mechanism to allow sequential access to session Status values?
A: The session implements the reader/writer lock mechanism:
When the page has a writable function for the session (that is, the page has a <% @ page enablesessionstate = "true" %> flag), the session of the page holds a write lock until the request completes.
When the page has the read-only function for the session (that is, the page is marked with <% @ page enablesessionstate = "readonly" %>), the session of the page is read locked.
A read lock will block a write lock; A read lock will not block a read lock; A write lock will block all read/write locks. This is why when the same page in the two frameworks writes the same session, one of them starts to write after the other (the one that is a little faster) completes.

Q: What does session smooth timeout mean?
A: The session smooth timeout means that as long as you access (use) The session, the timeout will be refreshed (which can be understood as re-timing), that is, starting from the page request, the timeout value is recalculated. However, the session cannot be disabled on this page. It will automatically access the session on the current page and refresh the timeout time.

Q: Why is the session invalid in the event handler function in global. asax?
A: It depends on the event processing function in which the session is used. The session is valid only after the acquirerequeststate event. All event processing functions after the event can use the session, but not the previous one.

Q: When I use inproc mode to save a session, where is the session stored?
A: Different IIS processing methods are different,
When iis5's session is used, the session is stored in the process space of aspnet_wp.exe.
When iis6is used, all application sharing application pools are in bad condition, and sessionis stored in the w3wp.exe process space.

Q: Will my session be saved when an error occurs on the page? I need to handle some cleanup work in session_end, but it fails. Why?
A: session_end is executed only when the session runs in inproc mode. Session_end is the account that runs the aspnet_wp workflow (this can be set in machine. config ). Therefore, if you use the Integrated Security link to SQL in the session_end method, it will use the account of the aspnet_wp process to open the link. At this time, success and otherwise depend on your SQL security settings.

Q: Can I obtain valid httpsessionstate and httpcontext objects in session_end?
A: You can obtain the httpsessionstate object in this method. You can directly use session to access the object. However, the httpcontext object cannot be obtained because the event is not associated with any request, so there is no context object.

Q: Why does my session not expire when I use session in sqlserver mode?
A: In sqlserver mode, session expiration is completed through SQL Agent Registration. Check whether your SQL Agent is running?

Q: After I set enablesessionstate to "readonly", I can still modify the session value in inproc mode. Why?
A: even if the enablesessionstate is set to readonly, You can edit the session in inproc mode. The only difference is that the session will not be locked during the request process.

Q: Why is my request suspended after I switch to sqlserver mode?
A: Check whether all objects saved in the session are objects that can be saved in sqlserver mode. That is, these objects must support serialization.

Q: What will happen when the session is set to cookieless?
A: When cookieless is set to true, the following constraints are imposed:
1. You cannot use absolute links on the page.
2. Some other steps are required in addition to switching between HTTP and HTTPS in the application.
If you send a link to another user, the URL contains the session ID information, so the two users share a session.

Note:
* P5: session loss http://topic.csdn.net/u/20081208/14/c154543c-8e86-406b-82a2-d3cc6f736b0d.html

5. The client uses cookieless to store session information.

Change cookieless = "false" in sessionstate to cookieless = "true". In this way, the session information of the client is no longer stored using cookies, but stored through URLs. Close the current IE, open a new IE, and re-access the Web application, the browser address will change to http: // localhost/mytestapplication /(Ulqsek45heu3ic2a5zgdl245)/Default. aspx indicates the session ID of the client. Note that this information is automatically added by IIS and does not affect the normal connection. * P6

Q: What will happen when the session is set to cookieless?
A: When cookieless is set to true, the following constraints are imposed:
1. You cannot use absolute links on the page.
2. Some other steps are required in addition to switching between HTTP and HTTPS in the application.
If you send a link to another user, the URL contains the session ID information, so the two users share a session. * P7

Note:
* P6: [ASP. NET] session detailed explanation http://www.blueidea.com/tech/program/2004/1856.asp
* P7: session loss http://topic.csdn.net/u/20081208/14/c154543c-8e86-406b-82a2-d3cc6f736b0d.html

 
6. Fixed session. sessionid

• Isnewsession: gets a value indicating whether the work segment is established as currently required.

• Sessionid: obtains the unique work segment of the work segment.

Re: Because the session ID is not fixed before the object is deleted. if you allocate session content, EX: session ["XXX"] = 123, you will find that the ID is fixed. * p8

Note:
* P8: [ASP. NET] session. isnewsession and session. sessionid http://www.dotblogs.com.tw/yilinliu/archive/2009/04/24/8163.aspx