ASP.NET Session State Service

Each DotNetted web server runs the ASP.NET State Server service locally and it is available for use with your .NET application.

The service provides persistent sessions beyond an application restart and should be of interest to anybody making use of session variables / storage within their ASP.NET application.

Why do I need Session State ?

All DotNetted customer accounts / web sites run in their own unique IIS application for maximum security and reliability - each runs within it's own memory space and worker process such that the failure of one application won't affect others running on the same server.

The drawback of this is that the amount of memory in use on our web servers is many times that of a traditional 'shared' application server and as such we have to set a limit on the maximum amount of system memory each customer account / web site is able to consume.

If / when this limit is reached (many sites never reach this point) the application worker process is recycled, this is effectively a restart of that individual web site which frees up the memory in use and the cycle starts again. The recycle is seamless and not noticeable to a visitor to your site.

The Problem

The problem with application recycling is that any information currently stored in sessions (using the default 'InProc' session setting) under that application will also be lost when the worker process recycles as this information is stored in the applications memory which is cleared by the recycle.

The Solution

The Session State service allows you to change the setting for your .NET application to instead store session information in a separate Windows process outside of the application, this has 2 benefits.

1) The session information will survive an application restart so should a restart occur whilst you have a visitor on your site using session variables they can carry on with their session with no data lost.

2) Since the majority of most applications memory footprint is in fact session information the individual memory use of most applications should drop substantially meaning less likelihood of an application recycle.

Implementing The Service

To change your application from the default In Process session storage to the State Server service you need to add / modify your web.config file to include the following :

<sessionState
mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
timeout="20"
/>

Note that the timeout is 20 minutes by default though this can be changed - please DO NOT set excessively long timeout values as this will have the effect of storing large amounts of data on the State Server service and may affect the use of the service by all accounts on the server. Timeouts should NOT be set in hours - if your users are away from the application for that length of time make them log back in.

Abuse Of The Session State Service

The State Server service is by it's very definition open to abuse by users either storing huge amounts of unnecessary information within sessions or settings excessively long session timeouts ( like 24 hours as we have seen in the past ! ).

We would ask that you be sensible in your use of this service so that it remains viable and usable for all, accounts found to be abusing the service will have it withdrawn.

Additional Information On Session State

There is an excellent article covering the types and uses of session in ASP.NET at the following URL :

http://www.eggheadcafe.com/articles/20021016.asp