How do you manage session in ASP and ASP.NET ?
Answers were Sorted based on User's Feedback
Answer / priya
One of the challenges to developing a successful Web
application is maintaining user information over the course
of a visit, or session, as the user travels from page to
page in an application. HTTP is a stateless protocol,
meaning that your Web server treats each HTTP request for a
page as an independent request; the server retains no
knowledge of previous requests, even if they occurred only
seconds prior to a current request. This inability to
remember previous requests means that it is this difficult
to write applications, such as an online catalog, where the
application may need to track the catalog items a user has
selected while jumping between the various pages of the
catalog.
ASP provides a unique solution for the problem of managing
session information. Using the ASP Session Object and a
special user ID generated by your server, you can create
clever applications that identify each visiting user and
collect information that your application can then use to
track user preferences or selections.
ASP assigns the user ID by means of an HTTP cookie, which
is a small file stored on the client's computer. So, if you
are creating an application for browsers that do not
support cookies, or if your customers might set their
browsers to refuse cookies, you should not use ASP's
session management features.
A session is defined as the period of time that a unique
user interacts with a Web application. Active Server Pages
(ASP) developers who wish to retain data for unique user
sessions can use an intrinsic feature known as session
state.
Programmatically, session state is nothing more than memory
in the shape of a dictionary or hash table, e.g. key-value
pairs, which can be set and read for the duration of a
user's session. For example, a user selects stocks to track
and the Web application can store these values in the
user's ASP session instance:
Copy
Session("Stocks") = "MSFT; VRSN; GE"
Problems with ASP Session State
ASP developers know session state as a great feature, but
one that is somewhat limited. These limitations include:
Process dependent: ASP session state exists in the process
that hosts ASP; thus the actions that affect the process
also affect session state. When the process is recycled or
fails, session state is lost.
Server farm limitations: As users move from server to
server in a Web server farm, their session state does not
follow them. ASP session state is machine specific. Each
ASP server provides its own session state, and unless the
user returns to the same server, the session state is
inaccessible. While network IP level routing solutions can
solve such problems, by ensuring that client IPs are routed
to the originating server, some ISPs choose to use a proxy
load-balancing solution for their clients. Most infamous of
these is AOL. Solutions such as AOL's prevent network level
routing of requests to servers because the IP addresses for
the requestor cannot be guaranteed to be unique.
Cookie dependent: Clients that don't accept HTTP cookies
can't take advantage of session state. Some clients believe
that cookies compromise security and/or privacy and thus
disable them, which disable session state on the server.
These are several of the problem sets that were taken into
consideration in the design of ASP.NET session state.
ASP.NET Session State
ASP.NET session state solves all of the above problems
associated with classic ASP session state:
Process independent: ASP.NET session state is able to run
in a separate process from the ASP.NET host process. If
session state is in a separate process, the ASP.NET process
can come and go while the session state process remains
available. Of course, you can still use session state in
process similar to classic ASP, too.
Support for server farm configurations: By moving to an out-
of-process model, ASP.NET also solves the server farm
problem. The new out-of-process model allows all servers in
the farm to share a session state process. You can
implement this by changing the ASP.NET configuration to
point to a common server.
Cookie independent: Although solutions to the problem of
cookieless state management do exist for classic ASP,
they're not trivial to implement. ASP.NET, on the other
hand, reduces the complexities of cookieless session state
to a simple configuration setting.
Is This Answer Correct ? | 3 Yes | 3 No |
Where does the Web page belong in the .NET Framework class hierarchy?
What is jade template engine?
To display data in a Repeater control which templete is provided ?
Define tracing.
what is command line compiler.what are the steps and how it is related to debugging.
how to handle sql exceptions?
What is a web api endpoint?
What are type/key pairs in client script registration? Can there be 2 scripts with the same type/key pair name?
Explain the use of dataadapter.
Have you used microsoft dataaccess blocks and Exception blocks?
how to encrypt a connection string in web.config file?
Is session server side or client side?