Selecting the Method for Maintaining and Storing ASP.NET Session State

Applies To: Windows Server 2003, Windows Server 2003 with SP1

You can configure the method used by ASP.NET to maintain session state. ASP.NET supports the following methods for maintaining session state:

  • In process. The process for maintaining session state runs in the same worker process as the ASP.NET application and approximates how Active Server Pages (ASP) applications maintain session state. If the worker process for the ASP.NET application recycles, all session state information is lost.

  • Out of process. The process for maintaining session state runs in a different worker process than the worker process for the ASP.NET application, either on the same Web server or on another server. If the worker process for the ASP.NET application recycles, session state information is retained.

You can configure ASP.NET session state settings by modifying the mode attribute in the <sessionState> section of the Machine.config file for all applications or in the Web.config file for specific applications. The session state settings in the IIS 6.0 metabase only apply to ASP applications. ASP.NET and ASP applications cannot share session state.

Select one of the following methods for storing ASP.NET session state:

  • In process, local to the Web server. ASP.NET session state is managed by and stored on the local Web server. This is the default mode for ASP.NET session state management and it approximates how ASP applications manage session state.

    This method allows the session state to be stored across worker process threads in a Web garden. However, the in-process mode does not allow session state to be stored across servers in a Web farm. For more information about Web gardens, see "Configuring Web Gardens" in Ensuring Application Availability.

    To use this method to store ASP.NET session state, set the session state mode attribute to InProc.

  • Out of process, by using the ASP.NET state service. The ASP.NET state service (aspnet_state.exe) runs as a service on Windows Server 2003. You can run the ASP.NET state service local to a Web server to support Web gardens, or on a separate server to support Web farms.

    To use this method to store ASP.NET session state, set the session state mode attribute to StateServer.

  • Out of process, by using a computer running SQL Server. ASP.NET session state can be managed by and stored in a database on a computer running Microsoft SQL Server. Like the ASP.NET state service, this out-of-process mode provides support for Web gardens or Web farms.

    To use this method to store ASP.NET session state, set the session state mode attribute to SQLServer.

Table 2.1 compares the methods for maintaining ASP.NET session state, listing the advantages and disadvantages of each method.

Table 2.1 Comparison of Methods for Maintaining ASP.NET Session State

In-process

  Advantages:

  • Requires no additional computers.

  • Provides faster access to session state than the out-of-process modes because state is maintained in memory and is in-process.

  Disadvantages:

  • Does not provide centralized storage of session state for Web farms.

  • Provides no redundancy in the event of a Web server failure.

  • Does not survive application restarts or process recycles.

Out-of-process with the ASP.NET state service running on the local Web server

  Advantages:

  • Provides centralized storage of session state to support Web gardens.

  • Requires no additional computers.

  Disadvantages:

  • Does not have a mechanism for failover or partitioning.

  • Out-of-process state requires serializing data and does not perform as well as in-process state.

  • Provides slower access to session state than in-process mode.

Out-of-process with the ASP.NET state service running on a separate server

  Advantages:

  • Provides centralized storage of session state to support Web gardens or Web farms.

  Disadvantages:

  • Requires an additional computer to store the session state.

  • Does not have a mechanism for failover or partitioning.

  • Does not support remote authentication, so administrators must control access to the computer with Internet Protocol security (IPsec) and/or firewall rules.

  • Out-of-process state requires serializing data and does not perform as well as in-process state.

  • Provides slower access to session state than in-process mode.

Out-of-process with session state stored on a separate computer running SQL Server

  Advantages:

  • Provides centralized storage of session state to support Web gardens or Web farms.

  • Can store session state on a computer running SQL Server that is used for other purposes and share the costs of the server.

  • Can cluster the computer running SQL Server to provide higher availability.

  Disadvantages:

  • Requires an additional computer to store the session state.

  • Out-of-process state requires serializing data and does not perform as well as in-process state.

  • Provides slower access to session state than in-process mode.

Note

Before you can use an out-of-process state method for managing and storing session state, you must ensure that the objects defined by and used by your ASP.NET application are serializable. Making an object serializable is usually a matter of marking the object class with the Serializable attribute. Consult with the ASP.NET application developer to ensure that all of the objects stored in session state by your ASP.NET applications are serializable.
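
The following audit script is an added example, not part of the original documentation. It reads the mode attribute of the <sessionState> section and reports the caveats from Table 2.1 and the note above. The sample configurations, the host 10.0.0.5, and the function names are constructed for illustration; stateConnectionString and sqlConnectionString are the standard companion attributes for the StateServer and SQLServer modes.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "localhost"}
SERIALIZE = "objects stored in session state must be serializable"
WRAP = "<configuration><system.web>%s</system.web></configuration>"

# Constructed sample Web.config contents; host 10.0.0.5 is a placeholder.
SAMPLES = {
    "inproc": WRAP % '<sessionState mode="InProc" />',
    "local_state": WRAP % ('<sessionState mode="StateServer" '
                           'stateConnectionString="tcpip=127.0.0.1:42424" />'),
    "remote_state": WRAP % ('<sessionState mode="StateServer" '
                            'stateConnectionString="tcpip=10.0.0.5:42424" />'),
    "sql": WRAP % ('<sessionState mode="SQLServer" sqlConnectionString='
                   '"data source=10.0.0.5;Integrated Security=SSPI" />'),
    "inherited": WRAP % "",
}

def state_server_host(conn):
    """Return the host from a 'tcpip=host:port' string, or None if malformed."""
    if not conn.lower().startswith("tcpip=") or ":" not in conn:
        return None
    return conn[len("tcpip="):].rsplit(":", 1)[0].strip().lower()

def audit_session_state(config_xml):
    """Return (mode, findings) for one Web.config or Machine.config document."""
    node = ET.fromstring(config_xml).find("system.web/sessionState")
    if node is None or node.get("mode") is None:
        return "inherited", ["mode comes from Machine.config (InProc by default)"]
    mode = node.get("mode")
    if mode == "InProc":
        return mode, ["state is lost when the worker process recycles",
                      "state is not shared across servers in a Web farm"]
    if mode == "SQLServer":
        return mode, [SERIALIZE]
    if mode != "StateServer":
        return mode, ["not one of the three modes described on this page"]
    findings = [SERIALIZE, "no mechanism for failover or partitioning"]
    host = state_server_host(node.get("stateConnectionString", ""))
    if host is None:
        findings.append("stateConnectionString is missing or malformed")
    elif host not in LOOPBACK:
        # The state service does not support remote authentication.
        findings.append("restrict access to %s with IPsec and/or firewall rules" % host)
    return mode, findings

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit_session_state(xml_text))
```
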