Session storage within .Net is a huge improvement over the classic ASP type methods. The inbuilt support for Inproc, StateServer and SqlServer is great. One thing that has plagued me for sometime though is that I have been unable to use it in almost every enterprise application I have written (bar one).
Inproc is not scalable (ie. can't make it work in a web farm unless you reduce scalability by using something like sticky sessions and ensuring a user is always redirected to the same box), and SqlServer requires direct access to the database from the web server, which isn't appropriate for me as I work on 3 tier apps where the web server has an application server in between. StateServer can be used in this instance but it introduces a single point of failure and also the problem of where to store the session data. You can dedicate a separate machine to the task but this is hard to justify in terms of hardware purchasing. You can store it on “one” app server, but this affects this app servers memory usage and processing abaility (depending on how often its used).
One of the things that new devs in our organisation get excited about is the new session management features, until we inform them that they wont be able to use it on project <x> due to the 3 tier nature (StateServer not being used for reasons above).
It is with this in mind that I have been working feverishly on a (get ready for a stupid name) “MultiHop Session” library for our next project, which enables you to use syntax like :-
Session[”variable name”] = objSomeThing;
objSomeThing = Session[”variable name”];
but which gets cascaded through the app server to the Sql database that is connected to the application server. So we can cluster the database and also have the potential of using any app server to cascade the session storage and retrieval requests. It uses either remoting or web services, operates over port 80, and is currently limited to Http. It does not employ a separate service, and hooks into the Session_Start, Session_End events (sort of). It is working currently but only in a rudimentary fashion and requires some work but is well on its way. You just include the library, set some config items, make your Global object inherit from MHWebApplication instead of the default, and you are away.
One thing I have found is the “weirdness” that is the Session_Start and End events. If you reflect over these, you'll find they aren't really events (in the .Net sense) but just methods that get called at (supposedly) start and end of each session. It seems that these events aren't particularly reliable though and found that they sometimes operate/fire a bit differently on some systems. Has anyone experienced this before? BTW, this library I am developing relies on the Inproc session model being enabled so that these “events” are fired.
Also, if there is any interest in the library I am working on, I'll probably throw it out in the community with complete source code but its not ready yet and I'll go by the interest in it, if any.
(I'll complain about the lack of the extensibility of the current - 1.0/1.1 session model in another post...;-) )