State Management Technique In ASP.NET - Part One

State Management in Asp.Net

As we know that applications developed using ASP.NET depends on the protocol such as HTTP, a stateless protocol. If the user is trying to register a form by filling the user details and when the user clicks on the submit button, the information will be lost because ASP.NET supports stateless protocol.

For post back requests, the web application or webpage does not hold the previous user's information. In order to overcome the above problem, we have an alternative that is State Management technique.

State Management

It is a process of storing the user's information when user submits the request to the Web Server. We have two types of State Management techniques.
  • Server Side State Management
  • Client Side State Management
Server Side State Management

When the user submits its request (like user registration), then the user's information will be stored with the Web Server. If the user data is confidential, then we need to make use of Server Side State Management to save the user's data into the Web Server memory.

We can implement Server Side State Management technique in two ways.
  • Session State Management
  • Application State Management
Session State Management

To implement Session state management technique, we will use a concept of session and which is a part of HttpSessionState class. Session is a variable which is used for storing the user information or user's data.

As we know that in Server side state management, we will store the user's data / user's information into the Web Server memory. Within the Web Server's memory, a session variable will be created in order to store the user data using session state management.

The session will be available in the Web Server's memory until they are removed or the session expires. Each and every session will be representing with a unique id which can be called as Session id. In order to access the user 's data which is stored in the Web Server memory, we can access it by session id.

When the user requests for a webpage, then on behalf of every user, the session will be created and different session variables will be maintained for different users who request the webpage. Web Server will maintain all the session variables in its memory, when the user requests for a webpage. The default lifetime of the session variable will be 20 minutes. If we want to increase the life time of variable, then we have to use the timeout attribute.

<Session state mode="InProc" timeout="60"> (Here in proc is the default mode and 60 is the minutes.)

  1. Session["Value"]= Textbox1.Text;  
  2. Label1.Text=Session["value"];   
State Providers

It is the place or location where the session variables are created. It is part of the Web Server. In ASP.NET, we have different types of sessions.
  1. In proc session
  2. State server session
  3. SQL server session
  4. Custom session
For defining the session, we need to configure the settings in web.config file like below.
  1. <configuration>  
  2.     <System.web>  
  3.         <Session state mode="Inproc(default), Timeout=" 60 ">  
  4. Custom,  
  5. off,  
  6. Sql server,  
  7. state server" </Session state>  
  8.     </System.web>  
  9. </configuration>  
Here, in the above configuration file, "In proc" is the default mode of session state management; and if mode="off", then that application will not support any kind of session.
  • Mode It is an attribute for defining the type of the session.
  • Timeout Timeout attribute defines the lifetime of the session given by the programmer in minutes.
In proc session

The "In proc" session will be creating within the current app domain and its part of the Web Server. It is the default mode of the session state. It supports two kinds of events, such as Session_start and Session_End events. The session_start event fires when the new session variable is created.

The session_end event fires when the session is expired or session ends. From the above four sessions, like In proc, state, SQL server, and custom, only In proc session supports session_end event. Accessing the In proc session will be faster compared to other sessions because it is part of Web Server.

If the web Server is started or crashed, the "In proc" session data may loose. So, it is suitable for small web applications.

Example for In proc Session
  1. <configuration>  
  2.     <system.web>  
  3.         <sessionState mode="InProc" timeout="50"> </sessionState>  
  4.     </system.web>  
  5. </configuration>  
  1. class Login {  
  2.     Public void Loginclick() {  
  3.         Session["userid"] = Textlogin.Text;  
  4.         Response.Redirect("Welcome.aspx");  
  5.     }  
  6. }  
  1. Class Welcome {  
  2.     pblic void Page_Load() {  
  3.         Label1.Text = Session["userid"].ToString();  
  4.     }  
  5. }  
State Server session

State server session is out of memory which means it is not part of web server memory but of Windows Service. It is created at the following location C:\[SystemFolder]\Microsoft.Net\Framework\[.Net Framework Version Number]\aspnet_state.exe. For example - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

Before the implementation of state server session, the Windows Service should be ON. We can start the Windows Service in the following ways.
  1. From the command prompt window, we can execute the following command/code.
    C:\> net start aspnet_state (Enter)
  2. We can start Windows Service manually like
    Start ----> Settings--->Control Panel--->Click on the Administrative Tools--->Click on the service icon.
It will be displaying a list of Windows Services-----> Select ASP.NET State Service and double click on it----> This action will open its properties window.
Click on "Start" button.

Example for state server session
  1. <configuration>  
  2.     <system.web>  
  3.         <sessionState mode="StateServer" stateConnectionString="tcpip=" timeout="50" /> </system.web>  
  4. </configuration>  
It is suitable for large web applications, like webgarden or webfarm models.

The State Server data is more secure when compared to In proc. As we know when the web Server is started or it is crashed, then there may be chances of loosing the "In proc" data as that is part of Web Server.

But state server session data will be safe because it is not part of Server memory. Accessing the state server session data is slow as it is stored outside the Web Server. Maintenance of state server session is very expensive and due to this, it is not suitable for small web applications.

SQL Server session

SQL Server session will be created within a SQL Server database. SQL Server session is slow compared to State server and "In proc" session. It is more secure than those two because these sessions will be storing within the SQL Server database. Before implementing the SQL Server session, the SQL Server database should be ON and we have to create a user defined database called Aspstate database.

Whenever we want to store confidential data like User's account credentials, then we have use the SQL Server session. Implementation of SQL Server session consists of the following steps.
  1. Creating a database (ie.Aspstate) by using Aspnet_regsqlUtility.
  2. Defining the SQL Server Session state within the web.config file.
  3. Assigning the value to the SQL Server session.
  4. Retrieving the value from SQL Server session.
Aspnet_regsql Utility

It is a .NET framework utility. Whenever we install the .NET framework, by default the Aspnet_regsql utility will be installed. By using this utility, we can create Aspstate database from the installed Visual Studio command prompt to store SQL Server sessions.

The Aspnet_regsql utility will be created within the following location/path, 

C:\windows\\framework\v4.0.0.39 (it is the folder version)
Example for creating the Aspstate database

From the Visual Studio command prompt, access the Aspnet_regsql Utility path that is
  1. D:/> cd  
  2. C:\windows\\framework\v4.0.0.39  

From the above path, we will execute a command for creating a database.
  1. C:\windows\\framework\v4.0.0.39>aspnet-regsql -S KHAJA-PC -U sa -P password -SSadd -SStype P  

  • aspnet-regsql  - It is the Framework utility for creating database.
  • S - it is the server name.
  • U - it is the username of the SQL Server database.
  • P - it is the password of the SQL Server db.
  • P - it is the persistence.
Once the above command is executed, we will get a message as Start adding session state, and a database will be created as Aspstate.
Example to declare SQL Server session in web.config file.
  1. <configuration>  
  2.     <System.web>  
  3.         <Session state mode="sqlserver" sqlconnection string="userid=sa;password=password" Timeout="60">  
  4.     </System.web>  
  5. </configuration>  
It is suitable for large web applications like webgarden or webfarm model. If we start the Web Server or in case of any crash, the SQL Server session data will be safe. Maintenance of SQL Server session will be very expensive, however, the accessing will be slow.

It is not suitable for small web applications because it is very expensive.
Custom Session

Custom session will be created within the customized location which is given by the programmer.

Application state Management

It is used to store the user information which will be common for all the users in the particular application. Application variable will be created only once, for all the users and it is common for all the users. Example for application variable is YouTube Views, SlideShare Views etc.

There is no timeout attribute or we cannot decide the life time for the application variable as it will be available till application is running within the IIS Web Server.

  1. Application["userViews"] = TextViews.Text;  
  2. class PageLoad() {  
  3.     DisplayNoofViews.Text = Application["userViews"].ToString();  
  4. }   
Application & Session Events

It is available in global.asax.cs file.
  1. Application_start
    It will fire or invoke when the application starts within the Web Server (IIS).

  2. Application_End
    It will fire or invoke when the application stops within the Web Server (IIS).

  3. Application_Error
    It will fire or invoke when an error occurs, which is not handled by using exceptional handling mechanism.
Session Events
  1. Session_start
    It will fire or invoke when a new session is started within the Web Server (IIS).

  2. Session_End
    It will fire or invoke when the session is expired.
This event will fire only for "In proc" session.
Please share your feedback in the comment box. Thanks & I hope, this article helps you.