Home > Developer > .Net Core

ASP. NET Session state storage

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Storage of client Session Status in asp.net

In the above introduction to the ASP. NET Session model, we can find that the Session status should be stored in two places: client and server. The client is only responsible for saving the SessionID of the corresponding website, while other Session information is stored on the server. In ASP, the SessionID of the client is actually stored as a Cookie. If the user chooses to disable cookies in the browser settings, then he will not be able to enjoy the convenience of the Session, or even access some websites. To solve the above problems, the client Session information storage methods in asp.net are divided into Cookie and Cookieless.

In asp.net, by default, Session information is stored on the client using cookies. If you want to use Cookieless on the client to store Session information, the method is as follows:

Find the root directory of the current Web application, open the Web. Config file, and find the following section:

 
 
    
  
  
  1. < sessionState  
    2. 
  
  
  2. mode="InProc" 
    3. 
  
  
  3. stateConnectionString="tcpip=127.0.0.1:42424" 
    4. 
  
  
  4. sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" 
    5. 
  
  
  5. cookieless="false" 
    6. 
  
  
  6. timeout="20"   
    7. 
  
  
  7. />   
    8. 
  
  
  8.  
    9.

In this section, cookieless = "false" is changed to cookieless = "true". In this way, the Session information of the client is no longer stored using cookies, but stored through URLs. Close the current IE, open a new IE, and re-access the Web application, you will see something similar to the following:

 

Http: // localhost/MyTestApplication/(ulqsek45heu3ic2a5zgdl245)/default. aspx indicates the Session ID of the client. Note that this information is automatically added by IIS and does not affect the normal connection.

Storage of server Session Status in asp.net

Preparations

To better experience the experiment, you can create a page named SessionState. aspx and add the following code to <body> </body>.

 
 
    
  
  
  1. < scriptrunat="server">  
    2. 
  
  
  2. Sub Session_Add(sender As Object, e As EventArgs)  
    3. 
  
  
  3.   Session("MySession") = text1.Value  
    4. 
  
  
  4.   span1.InnerHtml = "Session data updated! < P>Your session contains: < font color=red>" & \  
    5. 
  
  
  5.  Session("MySession").ToString() & "< /font>" 
    6. 
  
  
  6. End Sub  
    7. 
  
  
  7.  
    8. 
  
  
  8. Sub CheckSession(sender As Object, eAs EventArgs)  
    9. 
  
  
  9.   If (Session("MySession")Is Nothing) Then  
    10. 
  
  
  10.   span1.InnerHtml = "NOTHING, SESSION DATA LOST!" 
    11. 
  
  
  11.   Else  
    12. 
  
  
  12.   span1.InnerHtml = "Your session contains: < font color=red>" & \  
    13. 
  
  
  13.  Session("MySession").ToString() & "< /font>" 
    14. 
  
  
  14. End If  
    15. 
  
  
  15. End Sub  
    16. 
  
  
  16. < /script>  
    17. 
  
  
  17. < formrunat="server"id="Form2">  
    18. 
  
  
  18.   < inputid="text1"type="text"runat="server"name="text1">  
    19. 
  
  
  19.   < inputtype="submit"runat="server"OnServerClick="Session_Add" 
    20. 
  
  
  20.   value="Add to Session State" id="Submit1"name="Submit1">  
    21. 
  
  
  21.   < inputtype="submit"runat="server"OnServerClick="CheckSession" 
    22. 
  
  
  22.   value="View Session State" id="Submit2"name="Submit2">  
    23. 
  
  
  23. < /form>  
    24. 
  
  
  24. < hrsize="1">  
    25. 
  
  
  25. < fontsize="6">< spanid="span1"runat="server" />< /font>  
    26. 
  
  
  26.  
    27.

This SessionState. aspx page can be used to test whether Session information is lost on the current server.

Store Server Session information in the process

Let's go back to the section in the Web. config file:

 
 
    
  
  
  1. < sessionState  
    2. 
  
  
  2. mode="InProc" 
    3. 
  
  
  3. stateConnectionString="tcpip=127.0.0.1:42424" 
    4. 
  
  
  4. sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" 
    5. 
  
  
  5. cookieless="false" 
    6. 
  
  
  6. timeout="20"   
    7. 
  
  
  7. />   
    8. 
  
  
  8.  
    9.

When the mode value is InProc, it indicates that the server is using this mode.

This method is the same as the previous ASP mode, that is, the server stores Session information in the IIS process. When IIS is disabled or restarted, the information is lost. However, this mode also has its own biggest advantage, that is, the highest performance. It should be that all Session information is stored in the IIS process, so IIS can quickly access this information, the performance of this mode is much faster than that of Session information stored outside the process or stored in SQL Server. This mode is also the default asp.net mode.

Now let's do a test. Open the SessionState. aspx page and enter some characters to store them in the Session. Then, let's restart IIS. Note that it is not to stop the current site and start again, but to right-click the node of the machine name in IIS and choose restart IIS. (To restart IIS when NT4 is used, you must restart the computer. Microsoft returns SessionState. on the aspx page, check the Session information and find that the information has been lost.

Store Server Session information outside the process

First, let's open the management tool> Service, find the Service named asp.net State Service, and start it. In fact, this service is to start a process to save Session information. After starting this service, you can see a process named aspnet_state.exe in the Windows Task Manager> process. This is the process for saving Session information.

Return to the preceding section in the Web. config file and change the mode Value to StateServer. Open another IE after saving the file, open the SessionState. aspx page, and save some information to the Session. At this time, let's restart IIS and return to the SessionState. aspx page to view the Session information.

In fact, ASP. NET Session information is stored outside the process. It not only stores information in the local process, but also stores Session information in other server processes. In this case, you not only need to change the mode Value to StateServer, but also need to configure the corresponding parameters in stateConnectionString. For example, if you want to store the Session in the process of a computer whose IP address is 192.168.0.2, you need to set it to stateConnectionString = "tcpip = 192.168.0.2: 42424 ". Of course, do not forget to install. NET Framework on the computer 192.168.0.2 and start the asp.net State Services Service.

Store Server Session information in SQL Server

First, let's make some preparations. Start the SQL Server and SQL Server proxy services. Execute a script file named InstallSqlState. SQL in SQL Server. This script file will create a database in SQL Server for storing Session information and an SQL Server proxy job for maintaining the Session information database. You can find the file in the following path:

[System drive] \ winnt \ Microsoft. NET \ Framework \ [version] \

Then open the query analyzer, connect to the SQL Server, open the file and execute it. Wait a moment and the database and job will be created. In this case, you can open the Enterprise Manager and see a new database called ASPState. However, this database only contains some stored procedures and does not use user tables. In fact, Session information is stored in the ASPStateTempSessions table of the tempdb database, and the other ASPStateTempApplications table stores the Application Object Information in ASP. These two tables are also created by the script just now. In addition, you can view "manage"> "SQL Server proxy"> "job" and find another job called ASPState_Job_DeleteExpiredSessions. This job actually deletes expired Session information from the ASPStateTempSessions table every minute.

Then, we return to the Web. config file and change the mode Value to SQLServer. Note: You must also modify the sqlConnectionString value in the following format:

 
 
    
  
  
  1. sqlConnectionString="data source=localhost; Integrated Security=SSPI;" 
    2.

Data source refers to the IP address of the SQL Server. If SQL Server and IIS are a Server, write 127.0.0.1. Integrated Security = SSPI means to use Windows Integrated Identity Authentication. In this way, accessing the database will be performed as asp.net. With this configuration, the user can obtain a better password than userid = sa; password = better security for SQL Server Authentication. Of course, if SQL Server runs on another computer, you may need to maintain consistency between the two sides through Active Directory domains.

Similarly, let's do a test. Add the Session information to SessionState. aspx and you will find that the Session information already exists in SQL Server. Even if you restart the computer, the Session information will not be lost. Now, you have fully seen what Session information looks like and what it is stored in SQL Server. What you can do depends on your performance.

Through this article, you can see that in terms of asp.net session management and maintenance, asp.net has made great progress over asp, And we can select a suitable method at will.

  1. Brief Introduction to ASP. NET Session Model
  2. ASP. NET page lifecycle: stages, events, and others
  3. Introduction to ASP. net mvc Lifecycle
  4. Several methods for processing ASP. NET Session invalidation
  5. ASP. NET: all instances share a static variable.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More