Migrating from ASP to ASP.NET - Session Management

(Page 9 of 11 )

Microsoft provided a great way to make the Web “stateful” through the use of ASP sessions. Sessions allow customer data such as shopping carts to be remembered between calls to the Web server with minimal effort. However, ASP sessions can cause scalability bottlenecks on high-volume sites because the session data is stored “in-process” on the Web server. Plus, ASP sessions are only good on the server where they are created, which poses a problem when Web farms need to be utilized to maximize a Web site’s availability.

Although “in-process” sessions are still available in ASP.NET, two other options now exist including state servers and SQL Server. Rather than storing sessions directly on the Web server, ASP.NET sessions can now be stored on a dedicated state server that can be shared by multiple Web farm servers. Sessions can also be stored in a SQL Server database. This provides better scalability and availability of sessions.

Storing sessions in these data stores can be accomplished by using the same code you may have used in ASP. Code such as…


Session(“CustomerName”) = “John Doe” 



… still works. Rather than requiring a change in coding as you switch between the three storage options, a configuration file named web.config can be modified to contain the desired session storage location. Figure 5 shows a portion of the web.config file that relates to session storage.


<configuration>
<system.web>
<sessionState
mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString=""
cookieless="false"
timeout="20"/>
</system.web>
</configuration>



Figure 6. Sessions can be stored three different ways in ASP.NET. This code shows how the web.config file can be edited to store session data on a dedicated state server. Notice that sessions can now be leveraged without cookies being enabled on the client browser. This is done by setting the value of the cookieless attribute to “false”. The mode attribute specifies where you would like to store your state information. Your options are Inproc, StateServer, SqlServer, or Off.

Table 1. Session State Storage Information 

Option	Description
Inproc	Session state is stored locally on this server (ASP style).
StateServer	Session state is stored in a state service process located remotely or potentially locally.
SqlServer	Session state is stored in a SQL Server database.
Off	Session state is disabled.

StateConnectionString and sqlConnectionString obviously come into factor if you use one of these other options. You can only use one storage option per application.

Next: Security >>
 

More ASP.NET Articles
More By Dada Kalander

Comments On: Migrating from ASP to ASP.NET

· Your second paragraph repeats the last half of the first.   >>> Post your comment now!