Sessions, also known as session state, are the most commonly used state in a web system to maintain some information related to the current browser instance. We often use the session to store user status in the user access control, this article will talk about how to store the session, how to configure the session in Web. config, the session life cycle and so on.
1, the session of the storage method.
The session is actually divided into the client session and server side session.
When the user first establishes a connection to the Web server, the server distributes a sessionid as an identity to the user. SessionID is a random string of 24 characters. Each time the user submits the page, the browser will include the SessionID in the HTTP header to the Web server, so that the Web server can distinguish between the client on the current request page. This sessionid is stored on the client side and belongs to the client session.
In fact, the client session is stored by default in the form of a cookie, so when the user disables the cookie, the server will not be sessionid. At this point we can use the URL to store the client session. That is to write SessionID directly in the URL, of course, this method is not used.
Most of the sessions we mentioned refer to the server-side session. He has three ways to store it (custom storage is not discussed here):
1.1 Saved in the IIS process:
Save in the IIS process refers to the session data stored in the process of IIS running, that is, the Inetinfo.exe process, which is the default session of the way, is also the most commonly used.
The advantages of this approach are simple and highest performance. However, the session is lost when restarting the IIS server.
1.2. Save on StateServer
This storage pattern refers to storing session data in a process known as the ASP. NET-State service, which is separate from the ASP. Or IIS application pool, using this mode to ensure that session state is preserved when the Web application is restarted and that the session state can be used for multiple Web services on the network Service.
1.3. Save in SQL Server database
You can configure the session data to be stored in a SQL Server database, in order for such a configuration, the programmer first needs to prepare the SQL Server data server, and then run. NET comes with the Install Tool installation state database.
This is still the case after the server hangs up and restarts because he is stored in memory and on disk.
Here are the three ways to compare:
|
InProc |
StateServer |
Sql server |
Storage physical Location |
IIS process (memory) |
Windows service process (memory) |
SQL Server database (disk) |
Storage Type Restrictions |
Unlimited |
Types that can be serialized |
Types that can be serialized |
Storage size Limit |
Unlimited |
Scope of Use |
Current request context, independent for each user |
Life cycle |
The first time you visit a website, create a session timeout and destroy |
Advantages |
High performance ratio |
Session does not rely on Web server, not easy to lose |
Disadvantages |
Easy to lose |
Serialization vs. deserialization consumes CPU resources |
Serialization and deserialization consume CPU resources, read session from disk slow |
Principles of Use |
Do not store large amounts of data |
2. Configure the session in Web. config
Session configuration information in the Web. config file:
<sessionstate mode= "off| inproc| stateserver| SQL Server "
Cookieless= "True|false"
timeout= "Number of minutes"
Stateconnectionstring= "Tcpip=server:port"
sqlconnectionstring= "SQL connection string"
statenetworktimeout= "Number of seconds"
/>
mode sets where to store the session information:
-off is set to not use session function;
-inproc is set to store the session in the process, that is, the ASP storage mode, which is the default value;
The-stateserver is set to store the session in a separate state service;
The-sqlserver setting stores the session in SQL Server.
cookieless sets where the client's session information is stored:
-ture uses the cookieless mode, when the client's session information is no longer stored using a cookie, but instead is stored via a URL. For example, the URL is http://localhost/MyTestApplication/(ulqsek45heu3ic2a5zgdl245)/default.aspx
-false uses cookie mode, which is the default value.
Timeout sets the number of minutes after which the server automatically discards session information. The default is 20 minutes.
stateConnectionString sets the server name and port number used when the session information is stored in the State service, for example: "tcpip=127.0.0.1:42424". When the value of mode is StateServer Yes, this property is required. (42424 is the default port).
sqlConnectionString sets the connection string when connecting to SQL Server. For example, "Data source=localhost;integrated security=sspi;initial catalog=northwind". This property is required when the value of mode is SQL Server.
stateNetworkTimeout settings when the session state is stored using StateServer mode, the TCP/IP connection to the server that stores the state information is disconnected after the number of seconds that the Web server is idle. The default value is 10 seconds.
Here's how to store the session using StateServer and SQL Server
2.1 StateServer
The 1th step is to turn on the state service. Open the Control Panel → administrative tools → services command and locate the ASP. Right-click Service selection to start.
If you formally decide to use the status service to store the session, don't forget to modify the service to self-boot (the service can start itself after the operating system restarts) so as not to forget to start the service and cause the website session not to use
2nd step, join in system.web node: statenetworktimeout= "> stateConnectionString" indicates the communication address (IP: Service port number) of the state server. Since we are now testing this machine, we set up the cost machine address 127.0.0.1 here. The default listening port for the status service is 42422. Of course, you can also modify the port number of the status service by modifying the registry.
(To modify the registry to modify the port number of the state service: Enter regedit in the run to start Registry Editor-turn Hkey_local_machinesystemcurrentcontrolsetservicesaspnet_ Stateparameters node, double-click the Port option-Select Base to Decimal, and then enter a port number. )
2.2 SQL Server
Execute a script file called InstallSqlState.sql in SQL Server. This script file will create a database in SQL Server dedicated to storing session information, and a SQL Server Agent job that maintains the session information database. We can find the file in the following path:
[System drive]\winnt\microsoft.net\framework\[version]\
Then open Query Analyzer, connect to the SQL Server server, open the file you just made and execute. Wait a moment, the database and the job is set up. At this point, you can open Enterprise Manager and see a new database called ASPState.
Change the value of mode to SQL Server. Note that you also need to modify the value of the sqlconnectionstring at the same time, in the format: sqlconnectionstring= "Data source=localhost; Integrated Security=sspi; " (This is through Windows Integrated authentication)
3. Session Life cycle
The life cycle of the session is actually discussed in the first section, and is related to different stored procedures.
4. Traverse and Destroy session
4.1 Traversal:
System.Collections.IEnumerator sessionenum = Session.Keys.GetEnumerator ();
while (Sessionenum.movenext ())
{
Response.Write (Session[sessionenum.current.tostring ()). ToString () + "");
}
4.2 Destruction: Session.Abandon ().
Session storage mode and configuration