Disable for single page of application by setting EnableSessionState page directive to false.
Can make read only for a page by setting EnableSessionState page directive to ReadOnly.
<@ Page Language="C#" EnableSessionState = "False" %>
Cookieless Session State
By default cookies used to track user sessions.
ASP.NE allows for cookieless session state whereby the session is tracked via the query string.
Enable cookieless session tracking via web.config file:
<sessionState cookieless="true" />
Trap session events via Global.asax file.
Two special events:
- Session_Start - raised when user requests page on site and so starts new session. Good place to initialise session variables.
- Session_End - raised when session expires or is abandoned. Note, only raised when state mode set to InProc
Choosing Session State Mode
Memory on server not always best or most scalable place to store session state.
ASP.NET provides several session management modes:
- InProc - session state stored in memory. Default mode for ASP.NET. Not good in load balanced scenarios. Good for simple applications.
- StateServer - session state stored in ASP.NET State Service. Ensures data survives web application restarts and also supports web farms. Service available on any machine capable of running ASP.NET web apps, but is configured to manually start (by default)
- SQLServer - session state stored in SQL Server database. Ensures data survives web application restarts and also supports web farms. Slower than StateServer, but SQL Server offers robust data integrity. Often the hardware running SQL Server will be more powerful than that supporting the StateServer.
- Custom - you need to implement the code providing the custom storage provider.
- Off - disables session state (to improve server performance)
Configuring session state mode
Assign a SessionStateMode enumeration value to the sessionState element in the web.config file for the application. Modes other than InProc and Off require additional parameters, such as connection string values.
Can examine currently set session state via the System.Web.SessionState.HttpSessionState.Mode property.
ASP.NET 4 adds a compressionEnabled attribute that uses GZip to reduce size of session state.