Excerpt from: http://www.cnblogs.com/darrenji/p/3951065.html
How the session Works
The session mechanism of the server is based on the client side, that is, the session of the server will save each client's information to the server memory. The exact process is this:
→ Client makes a request to the server
→ The server responds to the client and creates a session and a unique session ID for the client
→ use session ID as key, session content as value, stored as key-value pair in session state provider
→ The client requests the server again with its own session ID
→ The session mechanism of the server returns the contents from session state provider to the client based on the session ID of the client
Advantages:
Maintain user status and information across pages
Easy to use and can store any type
Can save information for each client
Safe, Transparent
Disadvantages:
Because the session is stored in memory on the server side, as client requests increase, it is likely to affect performance
In Web.conig, the Mode property of the sessionstate node, if set to "StateServer" or "SQL Server", must be called [Serializable] for the object stored in the session. This way, when storing and reading the session, serialization and deserialization can also affect performance
The mode of the session
In Web. config, the sessionstate node has a mode property whose attribute value represents the mode of the session. Including:
InProc
StateServer
SQL Server
Custom
Off
Each mode setting affects which session state Provider is used by the session mechanism.
-off
If we want to invalidate the session:
<system.web>
<sessionstate mode= "Off"/>
</sytem.web>
InProc
This is also the default mode chosen by the ASP. In this mode, only the data of the current application domain is saved. If you restart the server, the data stored in the session will be lost.
<system.web>
<sessionstate mode= "InProc" timeout= "/>"
</system.web>
Indicates that the session is valid for 30 minutes. For some small sites or the amount of data, it is better to choose this mode.
Advantages:
Since the session data is stored in memory, it is very fast to get the data
No requirements for serialization and deserialization
Disadvantages:
Session data is lost if the application domain is discarded and restarted
When the data is large, it consumes too much memory and affects performance.
StateServer
Selecting this option means that the session's work is given to the Asp.net_state.exe service outside the current application domain, which is a Windows service that is separate from IIS. If you want to start the service, you can find the ASP. NET State Service and set it to start automatically by opening the Control Panel-Administrative Tools-services.
The session still works even if the ASP is restarted, which is the advantage of the StateServer model. The disadvantage of this pattern is that it involves excessive serialization and deserialization.
<system.web>
<sessionstate mode= "StateServer" stateconnectionsting= "tcpip=127.0.0.1:42424" statenetworktimeout= "/>"
</sytem.web>
127.0.0.1 indicates that this machine is selected by default
42424 indicates the default port
stateNetworkTimeout is used to set the server response, waiting for the client to request the time, the default is 10 seconds, here set to 40 seconds
If you want to modify the default settings for StateServer, you can modify them in the Asp.net_state.exe corresponding registry.
-sqlserver
Using this mode, session data is serialized and saved to the SQL Server database. In order for SQL Server to mate with this pattern, you need to do the following:
→ View version location, for example in: C:\Windows\Microsoft.NET\Framework\v4.0.30319
→ Enter the following command
-ssadd indicates that the session state is added in SQL Server
-sstype p indicates persisted
-S indicates the server name
-U represents the SQL Server user name
-p indicates SQL Server password
→ If all goes well, the following prompt appears
The database has more ASPState database, session data will be saved to the related table in this database
Advantages:
Session data is not affected after restarting IIS
The safest way to process a session
Disadvantages:
Processing is relatively slow
Excessive serialization and deserialization
-custom
Customize the session mechanism by inheriting the Sessionstatestoreproviderbase class, implementing the Isessionidmanager interface, and so on.
Event of Session
There are 2 events in the Session: Session_Start and Session_End. These 2 events can be handled in the Global.asax global file.
{
Todo
}
{
Todo
}
2 ways ASP. NET MVC handles session
If you are working with user logins, you can use the "MVC extension Valueprovider, creating sessionvalueprovider by implementing the Ivalueprovider interface" in the way described. If you are working on a shopping cart, you can usethemethod described in "http://www.cnblogs.com/darrenji/p/3813109.html".
ASP. NET session