ASP. NET Session

Source: Internet
Author: User

Cause Analysis:
Configuration sessionstate in Web. config has a mode of StateServer, but the server does not have the service switched on.

1.web.config inside the sessionstate mode changed to "InProc";
2. Enable "ASP." In the service

This is possible, but there is no understanding of why this should be done. Later on the Internet to find one to know the reason for the truth.

Introduction to the session model
What is the session? In simple terms, the server gives the client a number. When a WWW server is running, there may be a number of users browsing the Web site that is being shipped on this server. When each user establishes a connection to this WWW server for the first time, he establishes a session with the server, and the server automatically assigns it a SessionID to identify the user's unique identity. This SessionID is a 24-character string randomly generated by the WWW server, and we'll see what it looks like in the experiment below.

The only SessionID is of great practical significance. When a user submits a form, the browser automatically attaches the user's SessionID to the HTTP header information (this is the browser's automatic function, which the user will not perceive), and when the server finishes processing the form, the result is returned to the user of SessionID. Imagine, if there is no SessionID, when two users register at the same time, how the server can know exactly which user submitted which form. Of course, SessionID has many other functions that we will mention later.

In addition to SessionID, a lot of other information is included in each session. However, for programs that write ASP or ASP. NET, the most useful thing is to access the asp/asp. NET has built-in session objects that store individual information for each user. For example, we would like to know about the users who visit our website and browse several pages, and we may add them to each page that the user may visit:

If Session ("pageviewed") = "Then
Session ("pageviewed") = 1
Session ("pageviewed") = Session ("pageviewed") + 1
End If

The following sentence lets the user know that they have browsed several pages:

Response.Write ("Viewed" & Session ("pageviewed") & "pages")

Some readers may ask, "This is a session (".. ") that looks like an array. Where did it come from? Do I need to define it? In fact, this session object is the built-in object of the WWW server with ASP interpretation capability. In other words, the ASP system has already defined the object for you, you just need to use it. where session ("..") In the.. Just like the variable name, Session ("..") The $$ in =$$ is the value of the variable. All you have to do is write a word that you can access on each page of the user. The value in the variable.

In fact, the ASP built a total of 7 objects, there is session, application, cookies, Response, Request, server and so on. In other server-side scripting languages such as JSP, PHP and so on, there are similar objects, just called or the use of the method is not the same.

The defect of the function of ASP session
Currently, ASP developers are using the session as a powerful feature, but in their use of the process found that the ASP session has the following defects:

Process dependencies: The ASP session state is stored in the IIS process, that is, the Inetinfo.exe program. So when the Inetinfo.exe process crashes, the information is lost. In addition, restarting or shutting down the IIS service can result in the loss of information.
Limitations of the session state usage scope: When a user accesses a website from one site to another, the session information is not migrated in the past. For example: Sina Web site may have more than one WWW server, a user login to the various channels to browse, but each channel is on a different server, if you want to share session information in these WWW server how to do?
Cookie dependency: In fact, the client's session information is stored and cookie, if the client completely disables the cookie function, he will not be able to enjoy the function provided by the session.
In view of the above shortcomings of ASP session, Microsoft Designers in the design and development of the ASP. NET session was improved, completely overcome the above shortcomings, making the ASP. NET session becomes a more powerful function.

Introduction to the Web. config file
Some ASP. NET programmers say: Web. config file? I have never heard of Ah, but I write the program can not also be very normal operation? Yes, you're right, there's no Web. config file program that works. However, if you do a large web site, you need to do some overall configuration of the whole site, such as the whole site of the page in which language written, the site's security authentication mode, session information storage, etc., then you need to use the Web. config file. Although some of the options in the Web. config file can be configured through IIS, the configuration in IIS is overwritten if there is a corresponding setting in Web. config. Moreover, the greatest convenience of the Web. config file is that the settings in Web. config can be accessed in an ASP. NET page by calling the System.Web namespace.

There are two types of Web. config, the server configuration file and the website application configuration file, both of which are named Web. config. In this configuration file, you will save a series of information that is written in the language of the current IIS server, the application Security authentication mode, and the session information storage method. This information is saved using XML syntax, and if you want to edit it, you can use a text editor.

Where the server configuration file works for all applications in all sites under the IIS server. In the. NET Framework 1.0, the Web. config file for the server is present: \winnt\\framework\v1.0.3705.

Web application configuration file. config files are saved in each Web application. For example: The root directory of the current Web site \inetpub\wwwroot, and the current Web application is MyApplication, the Web application root should be: \inetpub\wwwroot\myapplication. If your site has and has only one Web application, the root directory of the application is generally \inetpub\wwwroot. If you want to add a Web application, add a virtual directory with the application start point in IIS. Files and directories in this directory will be treated as a Web application. However, the Web application is not generated for you by using IIS. If you want to create a Web application with a. config file, you will need to use Visual Studio.NET, creating a new Web Application project.

The Web application's configuration file, Web. config, is optional and dispensable. If not, each Web application uses the server's Web. config profile. If so, the corresponding values in the server Web. config configuration file are overwritten.

In ASP. NET, the Web. config modification is saved automatically immediately, and no longer needs to be restarted as soon as the configuration file in ASP is modified to take effect.

Session configuration information in the Web. config file
After opening the configuration file for an application, Web. config, we will find the following paragraph:

Mode= "InProc"
Stateconnectionstring= "tcpip="
sqlconnectionstring= "Data source=; Trusted_connection=yes "
Cookieless= "false"
Timeout= "20"

This section is about configuring how the application stores session information. The following operations are mainly for this section of the deployment. Let's take a look at the meaning of the content contained in this section of the configuration. The syntax for the sessionstate node is this:

<sessionstate mode= "off| inproc| stateserver| SQL Server "
Cookieless= "True|false"
timeout= "Number of minutes"
Stateconnectionstring= "Tcpip=serverort"
sqlconnectionstring= "SQL connection string"
statenetworktimeout= "Number of seconds"

Required properties are

Property Options Description
Mode settings where to store the session information
OFF is set to do not use the session function
The InProc is set to store the session inside the process, which is the default value for storage in ASP.
The StateServer is set to store the session in a separate state service.
SQL Server settings stores the session in a

The optional properties are:

Property Options Description
Cookieless set where the client's session information is stored
Ture using cookieless mode
False use cookie mode, which is the default value.
Timeout sets the number of minutes after which the server automatically discards session information. Default is 20 minutes
stateConnectionString sets the server name and port number used when the session information is stored in the State service, for example: "tcpip=". When the value of mode is StateServer Yes, this property is required.
sqlConnectionString sets the connection string when connecting to SQL Server. For example, "Data source=localhost;integrated security=sspi;initial catalog=northwind". This property is required when the value of mode is SQL Server.
stateNetworkTimeout settings when the session state is stored using StateServer mode, the TCP/IP connection to the server that stores the state information is disconnected after the number of seconds that the Web server is idle. The default value is 10 seconds.

Asp. The storage of client session state in net
In the introduction of the session model above, we can find that the session state should be stored in two places, namely the client and server side. The client is only responsible for saving the SessionID of the corresponding website, while the other session information is saved on the server side. In ASP, the SessionID of the client is actually stored in the form of a cookie. If a user chooses to disable cookies in the browser's settings, he or she will not be able to enjoy the convenience of the session or even have access to certain websites. In order to solve the above problems, the client's session information is stored in asp: Two kinds of cookies and cookieless.

Asp. NET, by default, the session information is stored on the client or using a cookie. If we want to store session information as a client using cookieless, here's how:

Locate the root directory of the current Web application, open the Web. config file, and locate the following paragraph:

Mode= "InProc"
Stateconnectionstring= "tcpip="
sqlconnectionstring= "Data source=; Trusted_connection=yes "
Cookieless= "false"
Timeout= "20"

The cookieless= "false" in this paragraph is replaced by the following: Cookieless= "true", so that the client session information is no longer stored using a cookie, but rather it is stored through a URL. Close the current IE, open a new IE, revisit the Web application, and you will see something like this:

In http://localhost/MyTestApplication/(ulqsek45heu3ic2a5zgdl245)/default.aspx, the client's session ID is marked in bold. Note that this information is automatically added by IIS and does not affect the previous normal connection.

Asp. The storage of server-side session state in net
Preparatory work

In order for you to experience the experiment better, you can create a page called Sessionstate.aspx and add the following code to it.

<scriptrunat= "Server" >
Sub Session_add (sender as Object, E as EventArgs)
Session ("mysession") = Text1. Value
Span1. InnerHtml = "Session data updated! <p>your session contains: <font color=red> "& \
Session ("MySession"). ToString () & "</font>"
End Sub

Sub checksession (sender as Object, EAs EventArgs)
If (Session ("mysession") is nothing) then
Span1. InnerHtml = "Nothing, SESSION DATA lost!"
Span1. InnerHtml = "Your session contains: <font color=red>" & \
Session ("MySession"). ToString () & "</font>"
End If
End Sub

<formrunat= "Server" id= "Form2" >
<inputid= "Text1" type= "text" runat= "server" name= "Text1" >
<inputtype= "Submit" runat= "Server" onserverclick= "Session_add"
Value= "ADD to Session State" id= "Submit1" name= "Submit1" >
<inputtype= "Submit" runat= "Server" onserverclick= "Checksession"
Value= "View Session State" id= "Submit2" name= "Submit2" >
<fontsize= "6" ><spanid= "Span1" runat= "Server"/></font>

This sessionstate.aspx page can be used to test if the session information is missing on the current server.

Storing server session information in a process
Let's go back to the paragraph in the Web. config file just now:

Mode= "InProc"
Stateconnectionstring= "tcpip="
sqlconnectionstring= "Data source=; Trusted_connection=yes "
Cookieless= "false"
Timeout= "20"

When the value of mode is InProc, it indicates that the server is using this mode.

This approach is the same as in the previous ASP, where the server stores session information in the IIS process. When IIS shuts down and restarts, this information is lost. But this model also has its own greatest benefit, is the highest performance. All session information should be stored in the IIS process, so IIS can quickly access this information, which is much faster than storing session information out of process or storing session information in SQL Server. This mode is also the default for ASP.

Okay, now let's do an experiment. Open the Sessionstate.aspx page and enter some characters to store it in the session. Then, let's let IIS restart. Note that instead of stopping the current site from starting, you can choose to restart IIS by right-clicking on the node of the native machine name in IIS. (If you want to use NT4, restart IIS must restart the computer before the line, Microsoft really @#$%^&) back to the Sessionstate.aspx page, check the session information just now, found that the information has been lost.

Store server session information outside the process
First, let's open the management tools, service, and find a service named: ASP. NET State service to start it. In fact, the service is to start a process to save the session information. After starting this service, you can see a process called Aspnet_state.exe from the Windows Task Manager, which is the process in which we save the session information.

Then, go back to the above paragraph in the Web. config file and change the value of mode to StateServer. After saving the file, reopen an IE, open the sessionstate.aspx page and save some information to the session. At this point, let us restart IIS, and then go back to the Sessionstate.aspx page to view the session information just now, found not lost.

In fact, the way the session information is stored out-of-process refers not only to the process of storing information in the local computer, but also to the process of storing the session information in other servers. In this case, you need not only change the value of mode to StateServer, but also configure the corresponding parameters in the stateconnectionstring. For example, your calculation is, and you want to store the session in the process of the IP- computer, you need to set it up like this: stateconnectionstring= "tcpip= ". Of course, don't forget to load the. NET Framework in the computer and start the ASP.

Store the server session information in SQL Server
First of all, let's do some preparatory work. Start SQL Server and the SQL Server Agent service. Execute a script file called InstallSqlState.sql in SQL Server. This script file will create a database in SQL Server dedicated to storing session information, and a SQL Server Agent job that maintains the session information database. We can find the file in the following path:

[System drive]\winnt\\framework\[version]\

Then open Query Analyzer, connect to the SQL Server server, open the file you just made and execute. Wait a moment, the database and the job is set up. At this point, you can open Enterprise Manager and see a new database called ASPState. But this database is just a few stored procedures, no user tables. The session information is actually stored in the ASPStateTempSessions table in the tempdb database, and the other Aspstatetempapplications table stores the Application object information in the ASP. These two tables were also created by the script just now. In addition to view Management->sql Server Agent----jobs, found also a job called aspstate_job_deleteexpiredsessions, The job is actually to remove the expired session information from the ASPStateTempSessions table every minute.

Next, we go back to the Web. config file and change the value of mode to SQL Server. Note that you also want to modify the value of the sqlconnectionstring at the same time, in the format:

sqlconnectionstring= "Data source=localhost; Integrated Security=sspi; "

Where data source refers to the IP address of the SQL Server server, if SQL Server and IIS are a machine, write Integrated SECURITY=SSPI means that Windows Integrated authentication is used, so that access to the database is made as an ASP, and by this configuration, SQL can be obtained that is more than using the userid=sa;password= password Better security for server authentication. Of course, if SQL Server is running on another computer, you may need to maintain the consistency of validation on both sides of the way through Active Directory domains.

Again, let's do an experiment. Add session information to the sessionstate.aspx, then found that the session information already exists in SQL Server, even if you restart the computer, just the session information will not be lost. Now, you have completely seen what the session information is like, and is stored in SQL Server, what can be seen in your play, haha.

Through this article, you can see the management and maintenance of the session, ASP. NET than ASP has made great progress, we can more arbitrarily choose the appropriate method. For enterprise-class applications, this is undoubtedly beneficial for server synchronization, server stability, and reliability. I believe that with the strong support of Microsoft, the next generation of e-commerce platform will be built better!

At the same time, you will find that the entire technology includes the integration of operating systems, Web services, and database technologies. I believe that maybe Windows is not stable with UNIX, IIS is not Apache stable, SQL Server is not as powerful as Oracle, but who can bring them together so perfectly? So, although Microsoft is not too strong in every respect, but if Microsoft's things are integrated together, who dare say he is not strong? Microsoft is Microsoft!

ASP. NET Session

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.