email article printer friendly get the code more resources

Manage Session State on the Server
Learn seven server-side techniques for overcoming HTTP's stateless nature.
by Leonard Lobel

October 2003 Issue

Technology Toolbox: VB.NET, ASP.NET

Managing state in Web applications (that is, keeping track of users' actions as they navigate the pages in your application) has traditionally been a thorn in developers' sides. Time you devote to state management is time taken away from core application logic—a cost you don't incur when building Windows desktop applications.

I introduced the concept of statelessness in the HTTP world in last month's column and presented several client-side solutions (see Additional Resources). I showed how to use cookies, hidden fields, query strings, and ViewState to pass state information between the client browser and your ASP.NET application running on an Internet Information Services (IIS) Web server. Client-side techniques for storing simple data types (such as strings and numbers) don't consume server resources while waiting for the user to request the next page, and they provide the greatest scalability by keeping the server "stateless." However, they suffer from a few limitations. Larger amounts of data cause longer request/response transmissions, which results in noticeably longer delays in serving pages. Furthermore, complex data types (such as objects and structures) are difficult or impossible to manage on the client. You're likely to encounter these limitations in real-world applications and will inevitably need to use the server for managing state. In this article, I'll show you the server-side options available for handling state ( download the sample code).

Developers have devised a variety of clever hacks over the years to get around the issue of providing state in a stateless environment. With the release of ASP.NET and the .NET Framework, Microsoft has made it easier than ever to implement state in Web applications. The .NET Framework offers several built-in, easy-to-use features that provide a clean approach to server-side state management. Some of these features support state across Web farms (multiple load-balancing Web servers)—a sophisticated scenario you can handle now with remarkable ease. These solutions greatly surpass the kludges of the past, which were typically convoluted and often interfered with core application logic.

I'll cover seven server-side state-management techniques: cookie-based sessions, cookie-less sessions, read-only sessions, application variables, static variables, out-of-process (ASP.NET State Service), and out-of-process (SQL Server). Don't let the number of available choices overwhelm you; as you'll see, these techniques are quite simple to implement. Like the client-side techniques, they aren't mutually exclusive, and you can combine them effectively within a single application as you see fit. Once you understand the characteristics and caveats of each, you can choose among them on a case-by-case basis.