Session State in ASP.Net

In this post I will talk about ASP.Net State management. I will provide a hands on example with VS and VB.Net.

Before I go on with my example I would like to give a short introduction first.

Web applications are built on Hypertext Transfer Protocol (HTTP).  HTTP is a stateless protocol and each request to the server from the client is understood as an independent request.

ASP.NET provides a powerful way to store a user’s session specific data using the Session State which is accessible as long as the user’s session is alive. 

At some point we might need to access complex information such as custom objects.Obviously we can’t persist them to cookies.In our application we could have strict security requirements that prevents us  from storing information about a client in view state or in a custom cookie. In cases like that, we must use the built-in session state facility.We can store any type of data in memory on the server. The information is protected, because it is never transmitted to the client, and it’s uniquely bound to a specific session. Every client that accesses
the application has a different session and a distinct collection of information. We could store in session state things such as the items in the current user’s shopping basket when the
user browses from one page to another.

One might ask, "What is the mechanism for session tracking?"

ASP.NET uses a unique 120-bit identifier and produces a unique value  that  evil people can’t reverse-engineer or “hack”, the session ID a given client is using. This is the only piece of session-related information that is transmitted between the web server and the client.

The client presents the session ID, then what happens is that ASP.NET looks up the corresponding session, retrieves the objects stored and places them into a special collection so they can be accessed by our code.

The client must present the appropriate session ID with each request.

We can accomplish this in two ways:

Cookies: In this case, the session ID is transmitted in a special cookie (named
ASP.NET_SessionId), which ASP.NET creates automatically when the session collection is
Using URLs: In this case, the session ID is transmitted in a specially modified URL. This allows you to create applications that use session state with clients
that don’t support cookies.

Session state can slow down our application. It solves many of the problems associated with other forms of state management but places a heavy load on the server in terms of memory.
If we have hundreds or thousands of clients access the site then the performance will be very bad.
The last thing we want is to have an application that cannot scale gracefully.

I will be using VS 2010 Ultimate edition and VB.Net to create a simple application.

We will use in our next example session state to store several Car objects.

1) Launch Visual Studio 2010/2008/2005.Express edition will suffice.

2) Create a web site with an appropriate name.

3) Add a class file in your site and name it Car.vb. The code should be like this


Public Class Car
    Public Name As String
    Public Colour As String
    Public Cost As Double
    Public Sub New(ByVal name As String, _
    ByVal colour As StringByVal cost As Double)
        Me.Name = name
        Me.Colour = Colour
        Me.Cost = cost
    End Sub
End Class

4) Add a listbox,2 label controls and a button in the default.aspx page. Name the listbox control as lstItems, the 2 labels as lblSessionInfo and lblCarInfo. Leave the default name for the button control.

5) In the Page_Load event handling routine type

If Me.IsPostBack = False Then
            Dim car1 As New Car("BMW", _
            "Blue", 32000)
            Dim car2 As New Car("VW Polo", _
            "Black", 18667)
            Dim car3 As New Car("Audi", _
            "Red", 30345)
            Dim car4 As New Car("Citroen", _
            "Gray", 9878)
            Session("mycar1") = car1
            Session("mycar2") = car2
            Session("mycar3") = car3
            Session("mycar4") = car4
        End If
        lblSessionInfo.Text = "Session ID: " & Session.SessionID
        lblSessionInfo.Text &= "<br />Number of Objects: "
        lblSessionInfo.Text &= Session.Count.ToString()
        lblSessionInfo.Text &= "<br />Mode: " & Session.Mode.ToString()
        lblSessionInfo.Text &= "<br />Is Cookieless: "
        lblSessionInfo.Text &= Session.IsCookieless.ToString()
        lblSessionInfo.Text &= "<br />Is New: "
        lblSessionInfo.Text &= Session.IsNewSession.ToString()
        lblSessionInfo.Text &= "<br />Timeout (minutes): "
        lblSessionInfo.Text &= Session.Timeout.ToString()


The Car objects are created the first time when the page is loaded, and they’re stored in
session state. The user can then choose from a list of car names. When a selection
is made, the corresponding object will be retrieved, and its information will be displayed.The code is very simple.

6) Double click on the button and in the event handling routine type

  If lstItems.SelectedIndex = -1 Then
            lblCarInfo.Text = "No item selected."
            Dim Key As String
            Key = "mycar" & _
        (lstItems.SelectedIndex + 1).ToString()
            Dim TheCar As Car = CType(Session(Key), Car)
            lblCarInfo.Text = "Name: " & TheCar.Name
            lblCarInfo.Text &= "<br />Color: "
            lblCarInfo.Text &= TheCar.Colour
            lblCarInfo.Text &= "<br />Cost: " & TheCar.Cost.ToString("c")

We retrieve the current Car object from Session like this

 Dim TheCar As Car = CType(Session(Key), Car)


7) Run your application and see the names of the Car objects stored in the Session listed in the ListBox control. You will also see when the page loads useful information about the Session.

Select one car name and hit the button. You will see whole information about the specific car object stored in the session state.

Email me if you want the source code.

Hope it helps!!!

1 Comment

Comments have been disabled for this content.