.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Best Practices: Fast, Scalable, and Secure Session State Management for Your Web Applications

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

ASP.NET provides a number of ways to maintain user state, the most powerful of which is session state. This article takes an in-depth look at designing and deploying high-performance, scalable, secure session solutions, and presents best practices for both existing and new ASP.NET session state features straight from the ASP.NET feature team.

Mike Volodarsky

MSDN Magazine September 2005

View Complete Post

More Related Resource Links

ASP.NET Best Practices for High Performance Applications

This article lists the techniques that you can use to maximize the performance of your ASP.NET applications. It provides common issues, design guidelines, and coding tips to build optimal and robust solutions.

SQL Server Session state problem.


Hi to all,

I have some things that I want to know. I am right now using a free asp.net webhosting ("somee.com"). The problem is that when I am visiting a page, there's a tendency that values stored in my session variables are lost. Therefore, it causes an error when the requested page is loaded.

1. I am thinking of using sessionState mode="SqlServer". Will it solve my problem?

Actualy Im working on it but Im having problems when connecting to the sql database.

2.  Is that a problem in the webhost?

3. Do free webhosting sites provide allow session state in the sql server?. Because ive tried it locally into my computer and error say's i should intall the ASP.NET Session State SQL Server version 2.0 or above.

Inside Microsoft patterns & practices: Building WPF and Silverlight Applications with a Single Code


This article discusses the Project Linker tool and other techniques to create applications that target both WPF and Silverlight from a single code base.

Erwin van der Valk

MSDN Magazine August 2009

Windows Management Instrumentation: Create WMI Providers to Notify Applications of System Events


Windows Management Instrumentation (WMI) is based on an industry-wide standard for notifications used to manage objects and devices across a network. By receiving WMI events, an application can be notified of changes to data in WMI itself. This allows the developer to notify the consuming application that certain system configuration data has changed, without the application having to poll WMI continuously for this data. The author presents an explanation of the different types of events in WMI, then goes on to develop an event provider.

J. Andrew Schafer

MSDN Magazine September 2001

Taming the Stateless Beast: Managing Session State Across Servers on a Web Farm


Running a Web farm means managing session state across servers. Since session state can't be shared across a Web farm with Internet Information Services 5.0, a custom solution is required. One such solution using a tool called the session manager is described here. The article begins with a description of the SQL Server database used to store state information, the stored procedures used to update it, and the retrieval of session data. ASP code drives the session manager tool and the COM and COM+ components that run the stored procedures.

John Papa

MSDN Magazine October 2000

Web Security: Putting a Secure Front End on Your COM+ Distributed Applications


The Internet requires that developers provide a different security model for clients than is used on a closed network. Because it would be too resource-intensive for both the client and server to prove their identity to each other, you need to look at other ways to ensure secure communications. This article covers the options, from digital certificates to public and private key encryption to Secure Sockets Layer and Web certificates. The discussion covers the installation of certificates in Microsoft Internet Information Services along with other options specific to IIS. This article was adapted from Keith Brown's Programming Windows Security (Addison-Wesley), due out in July 2000.

Keith Brown

MSDN Magazine June 2000

Windows Management Instrumentation: Administering Windows and Applications across Your Enterprise


This article provides an overview of Windows Management Instrumentation, a technology that exposes a wide variety of system and device information through a standard API. With WMI, management information is exposed by following the object oriented structure outlined in the Common Information Model (CIM), which relies on inheritance for reuse and standardization of object classes that represent system devices. This article briefly describes querying WMI for information using a query language much like SQL called Windows Management Instrumentation Query Language (WQL), existing system classes, handling system events, and security in WMI.

Jeffrey Cooperstein

MSDN Magazine May 2000

Session State Problem




I just for the first time into a session state problem. So I am hoping someone

here has the answer.


I have written an ASP.Net website and tried to implement the common poor mans online user count.
The problem I am having is the following.

On App_Start I create a variable and assign it the value of 0;

Then increase the number on session_start and decrement on session_end.

On my local IIS it works perfectly from IE8 and Opera. The value increments correctly.
As soon as I upload to my live server. The value increments on every link I click and every page refresh when I test with IE8.
This does not happen when testing with Opera.

Could someone please shed some light on the subject.




Louis Lews

Good news for those of you who get "Unable to make the session state request to the session state se


Dear all,

Due to the known problem of session variables getting lost if using InProc-server during frequent changes in development, I had to choose between SQL and ASP.NET State server, so I opted for the second. Initially, all fine, but after using it for a few days, I started to get this error:

 Server Error in '/cv2' Application.
Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the client and server ports are the same.  If the server is on a remote machine, please ensure that it accepts remote requests by checking the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters\AllowRemoteConnection.  If the server is on the local machine, and if the before mentioned registry value does not exist or is set to 0, then the state server connection string must use either 'localhost' or '' as the server name.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the clie

ASP.NET MVC 2 - I have a serious concern about the management of session variables.


I have a serious concern about the management of session variables.
I state that I have Windows Web Server 2008.
Currently values in the controller and call a session variable like this:
I have an action in as:
System.Web.HttpContext.Current.Session ['name'] = id_userlogged;

Session management



      I have a doubt regarding session state.I have  stored a value in session  while clicking a button.according to the session value i need to bind  a grid.Grid has to to refresh automatically. for that i am using ajax timer..It will sucessfully executed in localhost ..but implementing it to live servers.Session shows null value...what 's the issue...Can any one help me to solve this issue

Thanks In advance,

Preethy Kamath

How to use cookieless session state...

I want to know how its work and it advantage and disadvantegePls explain me with example

Session State for Listview Items?

Hi, I have a listview control, in it each item will have a checklist eg - Pass / Fail which will then have a label displaying the selected value. I also have datapager wired up to the listview. When i toggle between the datapages and toggle back, any result previously submitted will be wiped. I am thinking i should be using session state to temporarily store then info, and then once the session is finished use a submit button to send all values and ids into an xml. 1. Is this the right way of approaching the situation? 2. How would i specify session state for listview items, eg would i angle it through a itemdatabound event or the application itself?   Any assistance and advice would be appreciated as i have only started looking at state management and xml storage.  

Accessing Session State in a User Control

We have a web site that implements a custom SiteMapProvider using a User Control added in the master page. I need to be able to limit the sitemap nodes added depending on the logged in user, that is, certain users should not see certain sitemap nodes. Currently, the login processing code determines if users are in the certain category or role and then sets a value in session state, for example, Session["UserInRoleXXX"] = "Yes"; I tried changing the code in the user control to check the session state, but I got the following error: NullReferenceException ... Object reference not set to an instance of an object." Can session state be accessed in a user control? If so, how? If not, any suggested solutions? Thanks in advance for any help.

Session management modes

Why Session_OnEnd does not fire in state server & SQL Server modes....... i mean what is the speciality in InProc mode that Session_OnEnd fires in that mode only ????? 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend