Sunday, July 31, 2011

Session Management in ASP.NET

Ques: What is session?
Ans: HTTP is stateless protocol; it can't hold any information on the page. Session provide that facility to store the information on server memory.

Ques: What is difference between session and states?
Ans: Both are used to persist certain data.
1) State is at web control level whereas session is at page level.
2) Values in a session can be shared across different pages within same app, but State can not be shared across different pages.
3) Viewstate cannot be used if the page does not post back to itself.

Ques: What is session Id?
Ans: SessionId is unique identifier by which server track each session. here are the steps:
1) Client hit the web server and store date in session.
2) Server creates session Id and stores it in Session state provider.
3) When client request goes to server to get data from session, server just look at the ID and fetches the information.
SessionID is transmitted through cookie named as ASP.NET_SessionId. If cookie is disabled from browser then ASP.NET uses modified url("munged") url to send sessionID.

Ques: What are the different modes in which we can store the session?
Ans: Following are the possible ways:

1) InProc:
It stores the session in current application domain and handled by worker process in app pool. Restarting server will cause loss of session data.
Adv:
1) Accessing data is very fast.
2) Serialization not required.
DisAdv:
1) Recycling server causes data loss.
2) Performance hit, because of memory use.

2) StateServer :
Also called as out proc session mode. State server uses a standalone windows service independent to IIS and can also run as separate server. It is managed by aspnet_state.exe.
Adv:
1) Restarting server won't cause loss of data.
DisAdv:
1) Serialization/Deserialization overhead
2) Cost of data access to retrieve session data from another process.

3)SQLServer :
More secure and reliable session management. Stores data in SQL server DB.
Adv:
1) Data don not affected if we restart IIS.
2) More reliable and secure.
DisAdv:
1) Processing is very slow.
2) Serialization/Deserialization causes overhead.

4) Custom :
We can implement custom providers to store data by deriving from sessionstatestoreproviderbase class and we can generate new session by implementing ISessionID Manager.

There is also off mode, which allows you to disable session.

Ques: What are the events associated with session?
Ans: There are 2 events:
1) Session_Start(When new session initiated)
2) Session_End(when session expired, supported by InProc mode)
both of these can be handled in global.asax file.

Ques: What is Web garden?
Ans: App pool with multiple worker process is called as web-garden. It is not supported by InProc session.

Ques: How can we remove session?
Ans:
Session.Remove(strSessionName) --> Remove an Item from Session State Collection
Session.RemoveAll() --> Remove all items from session collection
Session.Clear() --> Remove all items from session collection
Note: There is no difference between Clear and RemoveAll. RemoveAll() calls Clear(), internally.
Session.Abandon() --> Cancels the Current Session

Ques: How session gets populate in http request?
Ans: In classic ASP, the session state is implemented as a free-threaded COM object contained in the asp.dll library. This object stores data organized as a collection of name/value pairs.
In ASP.NET, any incoming HTTP request passes through a pipeline of HTTP modules. Each module can filter and modify the amount of information carried over by the request. The information associated with each request is known as the call context and is programmatically represented with the HttpContext object. As the request passes through the chain of registered HTTP modules, its HttpContext object is endowed with references to state objects. When the request is finally ready for processing, the associated call context is bound to session-specific (Session) and global state objects (Application and Cache). The HTTP module responsible for setting up the session state for each user is SessionStateModule.

No comments:

Post a Comment