oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

Writing ASP.NET Web Forms with C#
Pages: 1, 2, 3, 4, 5, 6

The In-Process Mode

You only use this mode if your application won't attract many audiences. Why? Because this mode is basically the same as the old session management in ASP. It consumes computer memory and cannot work in a Web farm without the help of other products that make sure the user always gets directed to the server that issues the session identifier. However, this mode has the fastest response time because Session objects are stored in the same process as the worker process.

The State Server Mode

This is an out-of-process mode. You use this mode if your ASP.NET application is to be hosted in a Web farm. In this mode, ASP.NET saves Session objects in the memory of a shared computer that can be accessed by all servers in a Web farm. As a result, you don't need to redirect subsequent requests from the same user to the server that originates the session identifier. However, because the session information is still stored in the memory, scalability is compromised.

The SQL Server Mode

Like the state server mode, this mode also works out-of-process. In this mode, session information is stored in a SQL Server database accessible to all Web servers in a Web farm. All the Web servers must know the address of the SQL server, as well as the user name and password, to access the database. You don't need to have a Web farm to use this mode, however. You can have the SQL Server in the same machine as the Web server. This mode is to be used in a large Web application to ensure scalability.

To use this mode, you must first create a database in the SQL Server using the script file named state.sql found in the [system drive]\winnt\Microsoft.NET\Framework\[version]\ directory to create a database called ASPState and two tables and several stored procedures inside the ASPState database. These two tables are used to persist session information.

Session Management Configuration

The good thing about the new session-management feature is you can still use the familiar code that you used to use in ASP to manage session information. Nothing has changed. For example, you can use the following code to store the value of text1 to a session variable called aSession.

Session["aSession"] = text1.Value;

Later on, you can retrieve the value from the same Session["aSession"]. All you need to do to use the session management is some configuration in the config.web file. There are two of these files, the global config.web that applies to all applications in a machine, and the application-specific config.web file. The latter is an optional file and applies only to that application. If the same settings are present in both files, the application config.web will overwrite the global one. In .NET SDK Beta 1, the machine config.web file is located in the following directory.


The application config.web file, on the other hand, resides in the application's directory.

The setting that you need to modify to use session management is the <sessionstate> node. The syntax is as follows.

  mode = "inproc" | "sqlserver" | "stateserver"
  cookieless = "true" | "false"
  timeout = <session timeout in minutes>
  sqlconnectionstring = <connection string>
  server = <server name>
  port = <port number>

The six settings above (mode, cookieless, timeout, sqlconnectionstring, server and port) are used to configure the ASP.NET session state. Each setting is explained below.

  • mode -- This setting determines the mode and can have one of the three values: inproc, stateserver and sqlserver. You use inproc if you want to use the in-process mode, stateserver to use the ASP State Windows NT service (out-of-process), and sqlserver to use the SQL Server mode.

  • cookieless -- The cookieless option for ASP.NET determines whether or not the session identifier is transferred from the Web server to the browser and vice versa using cookies. The cookieless setting can accept one of the two values: "false" and "true." If the value of this setting is "false," cookies are used to convey session identifiers; otherwise, ASP.NET uses a different approach, as explained in the "Cookieless Session Management" section of this article.

  • timeout -- This setting controls the length of time in minutes a session is considered valid. The session timeout is a sliding value; on each request the timeout period is set to the current time plus the timeout value. This setting accepts a whole positive number.

  • sqlconnectionstring -- The sqlconnectionstring setting identifies the database connection string that contains the database used for mode sqlserver. This setting is only used when mode is sqlserver. For other modes, sqlconnectionstring is ignored.

  • server -- In the out-of-process state server mode, this setting contains the server that stores the session information. This setting is only used when mode is stateserver. For other modes, this setting is ignored.

  • port -- In the out-of-process state server mode, this setting accompanies the server setting. It identifies the port number that corresponds to the server setting for mode stateserver. This setting is only used when mode is stateserver. For other modes, this setting is ignored.

The following are the session state default settings in the machine config.web file.

  sqlconnectionstring="data source=;user id=sa;password="

For example, to use the SQL Server mode, you should configure the <sessionstate> node of your config.web file as the following.

    sqlconnectionstring="data source=;
user id=tukijan;password=jumiyo44"

Note that if you set the cookieless setting to true, your session management will work without using cookies. In this case, rather than using an automatically-generated cookie that holds a unique 120-bit session identifier string containing URL-legal ASCII characters to identify and track each session, the ASP.NET session management system modifies the URL to include the information about the session identifier.


In this article, you have seen the new programming model in ASP.NET: Web Forms. Web Forms are new technology that is event-driven, and should be familiar to you if you have been programming using Visual Basic or Visual C++. You have also seen how to use the two sets of server controls: HTML controls and Web controls. You also learned how to separate user interface and code in different files and the new feature of session management that can be made scalable, cookie independent and work in a Web farm.