Fun With .NET Sessions

Published on May 5, 2017 by arothstein

Web-based applications typically require the capacity to store and retain information on behalf of its users, for a finite period of time. That duration, referred to as the user’s “Session”, begins the moment the user first interacts with the application and ends at some arbitrary point-in-time after the user ceases interaction. The Session serves as a provisional allocation of memory, unique to each user, where data can be added during one page request and retrieved, manipulated or deleted during later page requests.

Envision an online clothing store, where you peruse the fall fashions and add items to your cart. Later, you glance over other sections like children’s, clearance and automotive, adding more items to your cart as you go. Along the way you may remove a few items and/or decide you want multiples of others. Once you’re ready to make a purchase, you arrive at the checkout and see all of your selections and quantities are accurately accounted for. After you check out, the cart is emptied and the process can start over. Sessions are a server-side technology that provide a foundation for this capability.

Session handling is built into .NET, and is a simple setup for web apps that are hosted on a single server. Too simple; there is no setup, you just start using Sessions. For web apps that are hosted on multiple servers (a farm), there are four key steps you need to follow:

Create Session Database

To create a session database on SQL server .NET must be installed on the machine you’re using to create the database. You will also need a SQL account with the ability to create databases, make schema changes and execute rights in msdb. For this example, I’ll be using a SQL account with sysadmin privileges on a 64-bit version of Windows running .NET 4.0.

Open a command prompt and navigate to the appropriate .NET directory:

cd \%windir%\ Microsoft.NET\Framework64\v4.0.30319

Execute the aspnet_regsql command with the appropriate switches:

aspnet_regsql -S SQL-WEB-1 -U db_operator -P test1234 -d session_store -ssadd -sstype c
-S The name of your SQL Server
-U SQL account username
-P SQL account password
-ssadd Instructs aspnet_regsql to add support for Session state
-sstype c For custom database. Other options are t for using tempdb and p for ASPState.
-d Name of your new Session database. Used only when sstype is c

Create SQL Account

You will need a SQL account that has datareader, datawriter and execute stored procedure privileges within your newly created database. For simplicity, I usually grant this account db_owner rights.

Add Directive to web.config

The directive below needs to be added to your web.config, within the <system.web> section.

<sessionState mode=”SQLServer” allowCustomSqlDatabase=”true” sqlConnectionString=”data source=SQL-WEB-1;user id=session_dbUser;password=test1234;initial catalog=session_store” timeout=”200″ useHostingIdentity=”false” cookieless=”false”/>

Note I’ve set the timeout attribute to a value of 200. This will keep a session alive for 200 minutes between user interactions. After 200 minutes of inactivity have passed, the session will be destroyed.

Serialize Objects

If you plan to store Objects in the Session, they must be decorated as Serializable. Without going into detail, this directive informs .NET the decorated class needs to express data-members in a format other than binary, like XML or SOAP, for the purposes of storage and retrieval. Again, this answer is fundamentally correct, but won’t earn you points on a quiz.

public class MyClass
. . .

Bonus Material

If you’re a lowly web developer, like me, you may not have access to a Standard or Enterprise version of SQL Server. Fortunately, SQL Express is freely available from Microsoft. However, SQL Express doesn’t include the SQL Agent, which handles automating the deletion of expired session records. To overcome this limitation, you can write a script and have a Scheduled Task in Windows execute it.

Create a batch file that executes SQLCMD:

SQLCMD -S localhost -U session_dbUser -P test1234 -d session_store -Q “EXEC DeleteExpiredSessions”

SQLCMD is a command line utility which allows you to connect to a SQL Server, and execute SQL statements. In this example, we’re connecting to our Session database and executing the DeleteExpiredSessions procedure.

For a quick demonstration, view our YouTube video here

[shareaholic app="share_buttons" id="27427430"]