DotNetStories
Session State in ASP.Net
In this post I will talk about ASP.Net State management. I will provide a hands on example with VS and VB.Net.
Before I go on with my example I would like to give a short
introduction first.
Web applications are built on Hypertext Transfer Protocol (HTTP). HTTP is a stateless protocol and each request to the server from the client is understood as an independent request.
ASP.NET provides a powerful way to store a user’s session
specific data using the Session State which is accessible as
long as the user’s session is alive.
At some point we might need to access complex information
such as custom objects.Obviously we can’t persist them to
cookies.In our application we could have strict security
requirements that prevents us from storing information
about a client in view state or in a custom cookie. In cases
like that, we must use the built-in session state
facility.We can store any type of data in memory on the
server. The information is protected, because it is never
transmitted to the client, and it’s uniquely bound to a
specific session. Every client that accesses
the
application has a different session and a distinct
collection of information. We could store in session state
things such as the items in the current user’s shopping
basket when the
user browses from one page to another.
One might ask, "What is the mechanism for session tracking?"
ASP.NET uses a unique 120-bit identifier and produces
a unique value that evil people can’t reverse-engineer or
“hack”, the session ID a given client is using. This is the
only piece of session-related information that is
transmitted between the web server and the client.
The client presents the session ID, then what happens is
that ASP.NET looks up the corresponding session, retrieves
the objects stored and places them into a special collection
so they can be accessed by our code.
The client must present the appropriate session ID with each
request.
We can accomplish this in two ways:
Cookies: In this case, the session ID is transmitted
in a special cookie (named
ASP.NET_SessionId), which
ASP.NET creates automatically when the session collection
is
used.
Using URLs: In this case, the
session ID is transmitted in a specially modified URL. This
allows you to create applications that use session state
with clients
that don’t support cookies.
Session state can slow down our application. It solves
many of the problems associated with other forms of state
management but places a heavy load on the server in terms of
memory.
If we have hundreds or thousands of clients
access the site then the performance will be very bad.
The
last thing we want is to have an application that cannot
scale gracefully.
I will be using VS 2010 Ultimate edition and VB.Net to create a simple asp.net application.
We will use in our next example session state to store
several Car objects.
1) Launch Visual Studio 2010/2008/2005.Express edition will suffice.
2) Create a web site with an appropriate name.
3) Add a class file in your site and name it Car.vb. The code should be like this
Public Class Car
Public Name As String
Public Colour As String
Public Cost As Double
Public Sub New(ByVal name As String, _
ByVal colour As String, ByVal cost As Double)
Me.Name = name
Me.Colour = Colour
Me.Cost = cost
End Sub
End Class
4) Add a listbox,2 label controls and a button in the
default.aspx page. Name the listbox control as
lstItems, the 2 labels as lblSessionInfo and
lblCarInfo. Leave the default name for the button
control.
5) In the Page_Load event handling routine type
If Me.IsPostBack = False Then
Dim car1 As New Car("BMW", _
"Blue", 32000)
Dim car2 As New Car("VW Polo", _
"Black", 18667)
Dim car3 As New Car("Audi", _
"Red", 30345)
Dim car4 As New Car("Citroen", _
"Gray", 9878)
Session("mycar1") = car1
Session("mycar2") = car2
Session("mycar3") = car3
Session("mycar4") = car4
lstItems.Items.Add(car1.Name)
lstItems.Items.Add(car2.Name)
lstItems.Items.Add(car3.Name)
lstItems.Items.Add(car4.Name)
End If
lblSessionInfo.Text = "Session ID: " & Session.SessionID
lblSessionInfo.Text &= "<br />Number of Objects: "
lblSessionInfo.Text &= Session.Count.ToString()
lblSessionInfo.Text &= "<br />Mode: " & Session.Mode.ToString()
lblSessionInfo.Text &= "<br />Is Cookieless: "
lblSessionInfo.Text &= Session.IsCookieless.ToString()
lblSessionInfo.Text &= "<br />Is New: "
lblSessionInfo.Text &= Session.IsNewSession.ToString()
lblSessionInfo.Text &= "<br />Timeout (minutes): "
lblSessionInfo.Text &= Session.Timeout.ToString()
The Car objects are created the first time when the page is
loaded, and they’re stored in
session state. The user
can then choose from a list of car names. When a
selection
is made, the corresponding object will be
retrieved, and its information will be displayed.The code is
very simple.
6) Double click on the button and in the event handling routine type
If lstItems.SelectedIndex = -1 Then
lblCarInfo.Text = "No item selected."
Else
Dim Key As String
Key = "mycar" & _
(lstItems.SelectedIndex + 1).ToString()
Dim TheCar As Car = CType(Session(Key), Car)
lblCarInfo.Text = "Name: " & TheCar.Name
lblCarInfo.Text &= "<br />Color: "
lblCarInfo.Text &= TheCar.Colour
lblCarInfo.Text &= "<br />Cost: " & TheCar.Cost.ToString("c")
We retrieve the current Car object from Session like this
Dim TheCar As Car = CType(Session(Key), Car)
7) Run your application and see the names of the Car objects stored in the Session listed in the ListBox control. You will also see when the page loads useful information about the Session.
Select one car name and hit the button. You will see whole
information about the specific car object stored in the
session state.
Email me if you want the source code.
Hope it helps!!!