Detailed settings of session timeout in webconfig

Source: Internet
Author: User
Detailed settings of session timeout in webconfig

When we set session timeout in webconfig, if the last address to be released is a remote server, many of our non-essential attributes are not set. After the setting, the Session Timeout cannot be effective. I am working on the currentProgramIn this case, when writing sessionstate, the timeout time set for the session will not work after the settings are as follows; but it will work after some attributes are not used.

Settings that cannot work after the server is released:

  <Sessionstate mode = "inproc"

                         Stateconnectionstring = "TCPIP = 127.0.0.1: 42424"

                         Sqlconnectionstring = "Data Source = 127.0.0.1; trusted_connection = yes"

                       Cookieless = "false"

  Timeout = "30"/>

Settings that can take effect after the server is released:

  <Sessionstate mode = "inproc"

                       Cookieless = "false"

                         Timeout = "30"/>

Because I read the followingArticleIt is known that stateconnectionstring and sqlconnectionstring are required when the mode is set to StateServer and sqlserver, but when the mode is configured to inproc, it is not necessary. In stateconnectionstring and sqlconnectionstring, 127.0.0.1 is the default setting. However, it must be changed when it is used as a remote server. However, it is best to use the simplest method and the most commonly used method, is the way I write in the second configuration.

The specific references are as follows:

 

From: http://www.cnitblog.com/seeyeah/archive/2008/01/25/22089.html

Reprinted from: http://www.cnblogs.com/sbitxg521/archive/2008/11/18/1335566.html

After opening the configuration file web. config of an application, we will find the following section:

< Sessionstate

Mode = "inproc"

Stateconnectionstring = "TCPIP = 127.0.0.1: 42424"

Sqlconnectionstring = "Data Source = 127.0.0.1; trusted_connection = yes"

Cookieless = "false"

Timeout = "20" 

/>

This section describes how the application stores session information. The following operations mainly aim at this configuration section. Let's take a look at the meaning of the content contained in this section. The syntax of the sessionstate node is as follows:

< Sessionstate mode = "off | inproc | StateServer | sqlserver"

              Cookieless = "True | false"

              Timeout = "number of minutes"

              Stateconnectionstring = "TCPIP = server: Port"

              Sqlconnectionstring = "SQL connection string"

              Statenetworktimeout = "number of seconds"

/>

The required attribute is

Attribute option description

Mode Set where to store session information

Off is set to not use the session Function

Inproc is set to store sessions in the process, which is the storage method in ASP. This is the default value.

StateServer is set to store sessions in independent State services.

Sqlserver settings store sessions in SQL Server.

Optional attributes:

Attribute option description

Cookieless Set where the session information of the client is stored

Ture uses cookieless Mode

False uses cookie mode, which is the default value.

Timeout Sets the number of minutes after which the server automatically abandons the session information. The default value is 20 minutes.

Stateconnectionstring Set the server name and port number used to store session information in the status service, for example, "TCPIP = 127.0.0.1: 42424 ". This attribute is required when the mode value is StateServer.

Sqlconnectionstring Set the connection string when connecting to SQL Server. For example, "Data Source = localhost; Integrated Security = sspi; initial catalog = northwind ". This attribute is required when the mode value is sqlserver.

Statenetworktimeout Sets the number of seconds after the session state is stored in StateServer mode and the TCP/IP connection between the Web server and the server that stores the status information. The default value is 10 seconds.

Storage of client session Status in ASP. NET

In our previous session model introduction, we can find that the session status should be stored in two places: client and server. The client is only responsible for saving the sessionid of the corresponding website, while other session information is stored on the server. In ASP, the sessionid of the client is actually stored as a cookie. If the user chooses to disable cookies in the browser settings, then he will not be able to enjoy the convenience of the session, or even access some websites. To solve the above problems, the session information storage methods of the client in ASP. NET are divided into cookie and cookieless.

In ASP. NET, by default, session information is stored on the client using cookies. If you want to use cookieless on the client to store session information, the method is as follows:

Find the root directory of the current web application, open the Web. config file, and find the following section:

< Sessionstate

Mode = "inproc"

Stateconnectionstring = "TCPIP = 127.0.0.1: 42424"

Sqlconnectionstring = "Data Source = 127.0.0.1; trusted_connection = yes"

Cookieless = "false"

Timeout = "20" 

/> 

In this section, cookieless = "false" is changed to cookieless = "true". In this way, the session information of the client is no longer stored using cookies, but stored through URLs. Close the current IE, open a new IE, and re-access the Web application, you will see something similar to the following:

Http: // localhost/mytestapplication/(ulqsek45heu3ic2a5zgdl245)/Default. aspx indicates the session ID of the client. Note that this information is automatically added by IIS and does not affect the normal connection.

Storage of server session Status in ASP. NET

Preparations

To better experience the experiment, you can create a page called sessionstate. aspx andCodeAdd to < Body> < /Body>.

 

< Scriptrunat = "server">

Sub session_add (sender as object, e as eventargs)

 Session ("mysession") = text1.value

 Span1.innerhtml = "session data updated! < P> your session contains: < Font color = Red> "& Session ("mysession"). tostring () & "< /Font>"

End sub

Sub checksession (sender as object, EAS eventargs)

 If (Session ("mysession") is nothing) then

Span1.innerhtml = "nothing, session data lost! "

 Else

Span1.innerhtml = "your session contains: < Font color = Red> "& SESSION (" mysession "). tostring () &" < /Font>"

End if

End sub

< /SCRIPT>

< Formrunat = "server" id = "form2">

 < Inputid = "text1" type = "text" runat = "server" name = "text1">

 < Inputtype = "Submit" runat = "server" onserverclick = "session_add"

Value = "add to session state" id = "submit1" name = "submit1">

 < Inputtype = "Submit" runat = "server" onserverclick = "checksession"

Value = "View session state" id = "submit2" name = "submit2">

< /Form>

< Hrsize = "1">

< Fontsize = "6"> < Spanid = "span1" runat = "server"/> < /Font> 

This sessionstate. ASPX page can be used to test whether session information is lost on the current server.

Store Server session information in the process

Let's go back to the section in the web. config file:

< Sessionstate

Mode = "inproc"

Stateconnectionstring = "TCPIP = 127.0.0.1: 42424"

Sqlconnectionstring = "Data Source = 127.0.0.1; trusted_connection = yes"

Cookieless = "false"

Timeout = "20" 

/> 

When the mode value is inproc, it indicates that the server is using this mode.

This method is the same as the previous ASP mode, that is, the server stores session information in the IIS process. When IIS is disabled or restarted, the information is lost. However, this mode also has its own biggest advantage, that is, the highest performance. It should be that all session information is stored in the IIS process, so IIS can quickly access this information, the performance of this mode is much faster than that of session information stored outside the process or stored in SQL Server. This mode is also the default mode for ASP. NET.

Now let's do a test. Open the sessionstate. ASPX page and enter some characters to store them in the session. Then, let's restart IIS. Note that it is not to stop the current site and start again, but to right-click the node of the machine name in IIS and choose restart IIS. (To restart IIS when NT4 is used, you must restart the computer. Microsoft returns sessionstate. on the ASPX page, check the session information and find that the information has been lost.

Store Server session information outside the process

First, let's open the management tool> service, find the service named ASP. NET State service, and start it. In fact, this service is to start a process to save session information. After starting this service, you can see a process named aspnet_state.exe in the Windows Task Manager> process. This is the process for saving session information.

Return to the preceding section in the web. config file and change the mode Value to StateServer. Open another IE after saving the file, open the sessionstate. ASPX page, and save some information to the session. At this time, let's restart IIS and go back to the sessionstate. ASPX page to check the session information. We found that the session information was not lost.

In fact, this method of storing session information outside the process not only means that the information can be stored in the local process, but also the session information can be stored in other server processes. In this case, you not only need to change the mode Value to StateServer, but also need to configure the corresponding parameters in stateconnectionstring. For example, if you want to store the session in the process of a computer whose IP address is 192.168.0.2, you need to set it to stateconnectionstring = "TCPIP = 192.168.0.2: 42424 ". Of course, do not forget to install. NET Framework on the computer 192.168.0.2 and start the ASP. NET State Services Service.

Store Server session information in SQL Server

First, let's make some preparations. Start the SQL Server and SQL Server proxy services. Execute a script file named installsqlstate. SQL in SQL Server. This script file will create a database dedicated to storing session information in SQL Server and an SQL Server proxy job that maintains the session information database. You can find the file in the following path:

[System Drive] \ winnt \ Microsoft. NET \ framework \ [version] \

Then open the query analyzer, connect to the SQL Server server, open the file and execute it. Wait a moment and the database and job will be created. In this case, you can open the Enterprise Manager and see a new database called aspstate. However, this database only contains some stored procedures and does not use user tables. In fact, session information is stored in the aspstatetempsessions table of the tempdb database, and another aspstatetempapplicationsThe Application Object Information in ASP is stored in the table. These two tables are also created by the script just now. In addition, you can view "manage"> "SQL Server proxy"> "job" and find another job called aspstate_job_deleteexpiredsessions. This job actually deletes expired session information from the aspstatetempsessions table every minute.

Then, we return to the Web. config file and change the mode Value to sqlserver. Note: You must also modify the sqlconnectionstring value in the following format:

Sqlconnectionstring = "Data Source = localhost; Integrated Security = sspi ;"

Data source refers to the IP address of the SQL Server server. If SQL Server and IIS are a server, write 127.0.0.1. Integrated Security = sspi means to use Windows Integrated Identity Authentication, so that accessing the database will use ASP.. Net identity, through this configuration, you can obtain better security than the SQL Server authentication method using userid = sa; Password = password. Of course, if SQL server runs on another computer, you may need to maintain consistency between the two sides through the Active Directory domain.

Similarly, let's do a test. Add the session information to sessionstate. aspx and you will find that the session information already exists in SQL Server. Even if you restart the computer, the session information will not be lost. Now you have fully seen what the session information looks like and is stored in SQL Server. What you can do depends on your performance. Haha.

Summary

Through this article, you can see that in terms of session management and maintenance, ASP. NET has made great progress over ASP. We can select a suitable method at will. For enterprise applications, this is undoubtedly beneficial to server synchronization, server stability, and reliability. I believe that with the support of powerful Microsoft, the new generation of e-commerce platforms will be built better!

At the same time, you will also find that the entire technology includes the integration of operating systems, Web Services, and database technologies. I believe that windows is not UNIX stable, IIS is not apache stable, and SQL server is not powerful as Oracle. But who can perfectly link them together? So, although Microsoft is not too strong in every aspect, if we integrate everything from Microsoft into one, who would say that it is not powerful? Microsoft is Microsoft!

From: http://bbs.zxbc.cn/viewthread.php? Tid = 24539

About session settings in Web. config

You cannot send a session Status request to the session Status server. Make sure that ASP. NET State Service (ASP. NET State Service) is started and the client port is the same as the server port. If the server is on a remote computer, check the value of HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ aspnet_state \ Parameters \ allowremoteconnection to ensure that the server accepts remote requests. If the server is located on the local computer and the registry value mentioned above does not exist or is set to 0, the status server connection string must use "localhost" or "127.0.0.1" as the server name. 

Let's take a look.

<Sessionstate mode = "StateServer" stateconnectionstring = "TCPIP = localhost: 42424" timeout = "20"> <ssionstate>

I added this code in Web. config.

Caused

From: http://msdn2.microsoft.com/zh-cn/system.web.sessionstate.httpsessionstate.timeout (vs.80). aspx

Msdn example

The following code example sets the timeout session attribute to 30 minutes in the web. config file.

Copy code

<Configuration>

<System. Web>

<Sessionstate

Mode = "inproc"

Cookieless = "true"

Timeout = "30"/>

</System. Web>

</Configuration>

From: http://msdn2.microsoft.com/zh-cn/library/h6bb9cz9 (vs.80). aspx

Reprinted from: http://www.cnblogs.com/sbitxg521/archive/2008/11/18/1335566.html

Http://msdn2.microsoft.com/zh-cn/library/h6bb9cz9 (vs.80). aspx

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.