I have a love/hate relationship with the ASP. NET Session. It's such a convenient place to put things, but when you start putting applications into production there are a number of less-than-obvious edge cases that can come up and bite you. Most often the Session is used when managing state over a long process like a multi-step wizard or questionnaire. However, when people use the Session, they often lean on it a little. They'll bake it into their design so deep that when it doesn't work, they're screwed. That's not to say they shouldn't be able to lean on it, I'm just saying that there's a lot of things going on with Session (not just on ASP. NET, but other frameworks as well) in order to get it to look seamless. Built in Options ASP. NET offers three options (four if you count rolling your own). Inproc - The default, and usually works fine. However, you can get into trouble in a few scenarios. Web Farms - If you have more than one web server, it's important to remember that your users may not stick to the same webserver with each request. Some routers offer Sticky- Sessions or the ability to pin a user to a server. This works well if the router uses cookies as its key, but it's less reliable if the router uses IP address/source port as the key as these may change, especially if the user is behind a mega-proxy. Web Gardening - If you've setup IIS to run multiple instances of the IIS Worker Process on a single multi-proc machine, this is the equivalent of running a Web Farm, just on one machine. This technique is usually only useful when you've got a very CPU-intensive application - in other words, don't just turn on Web Gardening and expect your problems to get better instantly. It's subtle. Unexpected Process Recycling - IIS6 had some wonky defaults and would recycle the App Pool or Process when some certain limits were hit, like after x number of requests or after 20.
To follow on from what others have said. I tend to have two layers: The core layer. This is within a DLL that is added to nearly all web app projects. In this I have a Session Vars class which does the grunt work for Session state getters/setters. It contains code like the following: public class Session Var static Http Session State Session get if ( Http Context. Current = null) throw new Application Exception( No Http Context, No Session to Get! return Http Context. Current. Session; public static T Get< T>(string key) if ( Session[key] = null) return default( T else return ( T) Session[key]; public static void Set< T>(string key, T value) Session[key] = value; Note the generics for getting any type. I then also add Getters/ Setters for specific types, especially string since I often prefer to work with string. Empty rather than null for variables presented to Users. e.g: public static string Get String(string key) string s = Get(key return s = null? string. Empty : s; public static void Set String(string key, string value) Set(key, value And so on. I then create wrappers to abstract that away and bring it up to the application model. For example, if we have customer details: public class Customer Info public string Name get return Session Var. Get String( Customer Info_ Name set Session Var. Set String( Customer Info_ Name, value You get the idea right? NOTE: Just had a thought when adding a comment to the accepted answer. Always ensure objects are serializable when storing them in Session when using a state server. It can be all too easy to try and save an object using the generics when on web farm and it go boom. I deploy on a web farm at work so added checks to my code in the core layer to see if the object is serializable, another benefit of encapsulating the Session Getters and Setters.
MSDN Library MSDN Library Design Tools Development Tools and Languages Mobile and Embedded Development. NET Development Office development Online Services Open Specifications patterns string last Name = (string Session[ Last ] string city = (string Session[ City ] Compiling the Code This example requires: A Web Forms page or class that has access to the current request context using the Current property in an ASP. NET application that has session state enabled. Robust Programming No exception is thrown if you attempt to get a value out of session state that does not exist. To be sure that the value you want is in session state, check first for the existence of the object with a test such as the following: C VB Copy if ( Session[ City ] = null) / No such value in session state; take appropriate action. If you attempt to use a nonexistent session state entry in some other way (for example, to examine its type a Null Reference Exception exception is thrown. Session values are of type Object. In Visual Basic, if you set Option Strict On, you must cast from type Object to the appropriate type when getting values out of session state, as shown in the example. In C, you should always cast to the appropriate type when reading session values. See Also ASP. NET View State Overview ASP. NET State Management Overview ASP. NET State Management Recommendations ASP. NET State Management Overview Show: Inherited Protected Any suggestions? Print Export (0) Any suggestions? Print.
Download Now