Session Also known as session state, it is the most commonly used state in the Web system and is used to maintain some information related to the current browser instance. We often use Session to store user status when controlling user permissions. This article will talk about the storage method of Session, how to configure Session in web.config, the life cycle of Session, etc.
1. Session storage method.
Session is actually divided into client-side Session and server-side Session.
When a user establishes a connection with the Web server for the first time, the server will distribute a SessionID to the user as an identification. SessionID is a random string of 24 characters. Every time the user submits a page, the browser will include the SessionID in the HTTP header and submit it to the web server, so that the web server can distinguish which client is currently requesting the page. This SessionID is saved on the client and belongs to the client Session.
In fact, the client Session is stored in the form of a cookie by default, so when the user disables cookies, the server will not get the SessionID. At this time we can use the url method to store the client Session. That is, the SessionID is written directly in the url. Of course, this method is not commonly used.
Most of the Sessions we mention refer to server-side Sessions. It has three storage methods (customized storage will not be discussed here):
1.1 Saved in the IIS process:
Saved in the IIS process refers to saving the Session The data is saved in the running process of IIS, that is, the inetinfo.exe process. This is also the default Session storage method and the most commonly used.
The advantages of this method are simplicity and highest performance. But the Session is lost when restarting the IIS server.
1.2. Save on StateServer
This storage mode refers to storing Session data in a process called Asp.Net State Service , the process is independent of the Asp.Net worker process or a separate process of the IIS application pool. Using this mode ensures that the session state is preserved when the web application is restarted and makes the session state available to multiple web servers in the network. .
1.3. Save in SQL Server database
You can configure the Session data to be stored in the SQL Server database. In order to perform such configuration, Programmers first need to prepare the SQL Server data server, and then run the .NET built-in installation tool to install the state database.
This method will still exist after the server hangs and restarts, because it is stored in memory and disk.
The following is a comparison of these three methods:
| |
InProc |
StateServer |
SQLServer |
Storage physical location |
IIS Process (memory) |
Windows service process (memory) |
SQLServer database (disk) |
Storage type restrictions |
Unrestricted |
Types that can be serialized |
Types that can be serialized
|
Storage size limit |
Unlimited |
Using scope |
Current request context, independent for each user |
Life cycle |
The Session is created when it first visits the website and is destroyed after timeout |
|
Advantages |
High performance |
Session does not rely on the Web server and is not easily lost |
Disadvantages |
Easily lost |
Serialization and deserialization consume CPU resources |
Sequence Serialization and deserialization consume CPU resources, and reading Session from disk is slow. |
Usage Principles |
Do not store Large amounts of data
|
2. Configure Session in web.config
Session configuration information in Web.config file:
<sessionState mode=
cookieless=
timeout=
stateConnectionString=
sqlConnectionString=
stateNetworkTimeout=
/>
Copy after login
Mode sets where to store Session information:
— Off is set to not use the Session function;
— InProc is set to store the Session in the process, This is the storage method in ASP, this is the default value;
—— StateServer is set to store the Session in an independent state service;
—— SQLServer is set to store the Session in SQL Server.
Cookieless Sets where the client's Session information is stored:
- ture Use Cookieless mode; at this time, the Client's Session information is no longer stored using Cookies, but Store it via URL. For example, the URL is http://www.php.cn/(ulqsek45heu3ic2a5zgdl245)/default.aspx
- false Use Cookie mode, which is the default value.
timeout sets the number of minutes after which the server automatically gives up the session information. The default is 20 minutes.
StateConnectionString sets the server name and port number used when storing Session information in the state service, for example: "tcpip=127.0.0.1:42424". This attribute is required when the value of mode is StateServer. (42424 is the default port).
sqlConnectionString Sets the connection string when connecting to SQL Server. For example "data source=localhost;Integrated Security=SSPI;Initial Catalog=northwind". This attribute is required when the value of mode is SQLServer.
StateNetworkTimeout sets the number of idle seconds after which the TCP/IP connection between the Web server and the server that stores the status information is disconnected after using the StateServer mode to store the Session state. The default value is 10 seconds.
Let’s talk about the method of using StateServer and SqlServer to store Session
2.1 StateServer
The first step is to open the status service. Open the "Control Panel" → "Administrative Tools" → "Services" command in order, find the ASP.NET status service, right-click the service and select Start.
If you officially decide to use the state service to store the session, don’t forget to modify the service to self-start (the service can start by itself after the operating system is restarted) to avoid forgetting to start the service and causing the website session to be unable to Use
Step 2, add: stateNetworkTimeout="20"> stateConnectionString represents the communication address of the state server (IP: service port number) in the system.web node. Since we are testing on this machine now, set the local machine address 127.0.0.1 here. The default listening port of the status service is 42422. Of course, you can also modify the port number of the status service by modifying the registry.
(Method to modify the registry to modify the port number of the state service: Enter regedit during operation to start the registry editor - open the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesaspnet_stateParameters node in turn, double-click the Port option - select the base as decimal, and then enter a port number That’s it. )
2.2 SqlServer
Execute a script file called InstallSqlState.sql in SQL Server. This script file will create a database in SQL Server specifically for storing Session information, and a SQL Server Agent job that maintains the Session information database. We can find that file in the following path:
[system drive]\winnt\Microsoft.NET\Framework\[version]\
Then open Query Analyzer and connect to the SQL Server server , open the file just now and execute it. Wait a moment and the database and job will be created. At this time, you can open the Enterprise Manager and see that a new database called ASPState has been added.
Modify the mode value to SQLServer. Note that you also need to modify the value of sqlConnectionString at the same time. The format is: sqlConnectionString="data source=localhost; Integrated Security=SSPI;" (This is through windows integrated authentication)
3. The life cycle of Session
The life cycle of Session has actually been discussed in the first section and is related to different stored procedures.
4. Traverse and destroy Session
4.1 Traversal:
System.Collections.IEnumerator SessionEnum = Session.Keys.GetEnumerator();
(SessionEnum.MoveNext())
{
Response.Write(Session[SessionEnum.Current.ToString()].ToString() + );
}Copy after login
4.2 Destruction: Session.Abandon().
For more tutorials on session storage methods and configuration files, please pay attention to the php Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
