ASP. NET session Status
ASP. by default, session information is stored in ASP. NET. NET application memory space [InPro]. When stored in InPro, session information may be lost. Therefore, you can use an independent service to store session information to restart ASP. after the NET application, the session information is retained. The session information is stored in StateServer or SQLServer so that the session information can be used by multiple Web servers in the network farm. [restart ASP.. NET application and the session information will be retained], or the session information will be stored in the Custom Data storage area.
Session identifier
A session is identified by a unique session identifier that can be read using the SessionID attribute, Which is ASP. when the web application enables the session status, it checks whether each page request in the application has the SessionID value sent by the browser. If no SessionID value is provided, ASP.. NET starts a new session, and sends the SessionID of the session together with the response to the browser.
By default, the SessionID value is stored in the Cookie, but you can also configure the application [in the Web. set the CookieLess attribute to True in the SessionState section of the config file and store the SessionID value in the URL. As long as the same SessionID value is used to send a request, the session is regarded as active. If the request sending time of a specific session exceeds the specified timeout value, the session is deemed as expired, sending a request with an expired SessionID will start a new session. :
Note: To improve application security, when a user logs out of an application, the application should call the Abandon method to destroy the Session. When the following configuration is performed in the Web. config file:
<sessionState mode="StateServer" cookieless="UseUri"></sessionState>
ASP. NET automatically inserts a unique session ID in the URL of the page to maintain the cookieless session status, as shown below:
Set the regenerateExpiredSessionId attribute of the SessionState configuration element to true. In this way, a new session ID is generated when a Cookie-free session request is initiated using an expired session ID.
Session events
ASP. NET provides two events for managing user sessions: Session_OnStart and Session_OnEnd. If Mode is set to a value other than InProc, Session_OnEnd events are not supported.
Session Mode
- InProc mode, which stores the session Status in the memory of the Web server. Default Value
- StateServer mode, which stores the session status in a separate process named ASP. NET State Service. This ensures that the session status is retained when the Web application is restarted and the session status can be used by multiple Web servers in the network farm.
- In SQL Server mode, the session status is stored in an SQL Server database.
- Custom mode, which allows you to specify a Custom storage provider
- Off mode. This Mode disables the session status.
InProc Mode
The in-process mode is the default session Status mode.InProc SessionStateModeThe enumerated value is specified. The in-process mode stores session Status values and variables in the memory of the Local Web server. It is the only supportedSession_OnEndEvent Mode.
StateServer mode
In StateServer mode, session statuses are stored in a process called ASP. NET Status Service [ASP. NET State Service], which is independent of ASP. NET auxiliary processes or IIS independent processes. This mode ensures that the session status is retained when the Web application is restarted, and that the session status can be used on multiple Web servers in the network farm.
To add an ASP. NET application is configured to use StateServer mode, in the Web. in the Config file, set the Mode attribute of the SessionState element to StateServer, and set the stateConnectionString attribute to tcpip = server name: 42424.
<sessionState mode="StateServer" cookieless="UseUri" stateConnectionString="tcpip=118.114.21.5:42424" timeout="20"></sessionState>
The following error occurs when running the program:
Solution: Enable ASP. NET State Service:
Change the Registry AllowRemoteConnection to 1:
Note: If the Mode value is StateServer or SQLServer, the objects stored in the session state must be serializable.
SQL Server Mode
SQLServer mode stores the session status in an SQL Server database. This mode ensures that the session status is retained when the Web application is restarted, the session status can be used on multiple Web servers in the network farm.
To make an ASP.. NET application is configured to use the SQL Server mode, set the mode attribute to SQLServer, and set the sqlConnectionString attribute to the SQL connector path: C: \ Windows \ Microsoft. NET \ Framework \ v4.0.30319, run aspnet_regesql.exe to install the SQLServer session database:
Web. config Configuration:
<sessionState mode="SQLServer" cookieless="UseUri" sqlConnectionString="Data Source=LBWIN7;Initial Catalog=aspnetdb;Integrated Security=True" timeout="20"></sessionState>
SessionState Configuration
<sessionState mode="[Off|InProc|StateServer|SQLServer|Custom]" timeout="number of minutes" cookieName="session identifier cookie name" cookieless="[true|false|AutoDetect|UseCookies|UseUri|UseDeviceProfile]" regenerateExpiredSessionId="[True|False]" sqlConnectionString="sql connection string" sqlCommandTimeout="number of seconds" allowCustomSqlDatabase="[True|False]" useHostingIdentity="[True|False]" stateConnectionString="tcpip=server:port" stateNetworkTimeout="number of seconds" customProvider="custom provider name"> <providers>...</providers></sessionState>
Default Configuration:
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" stateNetworkTimeout="10" sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI" sqlCommandTimeout="30" customProvider="" cookieless="UseCookies" cookieName="ASP.NET_SessionId" timeout="20" allowCustomSqlDatabase="false" regenerateExpiredSessionId="true" partitionResolverType="" useHostingIdentity="true"> <providers> <clear /> </providers></sessionState>