Tuesday, 19 February 2008

Using SQL Server for ASP.Net session state

What is session state?
A session is defined as the period of time that a unique user interacts with a Web application. Session state is a collection of objects, tied to a session are stored on a server.

Why and When to use SQL Server for ASP.Net session state?
Once you start running multiple web servers for the same web site, the default asp.net session state, InProc, is no longer useful, as you cannot guarantee that each page request goes to the same server. It becomes necessary to have a central state store that every web server accesses.
SQL Server offers you centralized storage of a session state in a Web farm. You can use SQL Server to save a session. This process is not as efficient as InProc and StateServer mode, because you must store the information in a different process or on a different server. However, this option may be more efficient than using the aspnet_state service, depending on the actual workload and the database configuration. Once you start saving session state to a SQL database it will also persist through web server restarts and reboots.


For reliability you should consider storing session state for a web farm on a SQL cluster.

Creating the database
• Start Query Analyzer, connected to the server you want to use for state storage.
• Open and execute InstallSqlState.sql script file. By default, InstallSqlState.sql is located in one of the following folders; system drive\ Windows\ Microsoft.NET\ Framework\version\
• If you are using trusted connections to connect to your server, you must change ownership of the state database to sa after creation. In Query Analyzer run use ASPState
exec sp_changedbowner 'sa','true'
• If you are using SQL authentication create a user and password for session state to use. At a minimum this user should havepermissions to execute the stored procedures in the ASPState database. You will have to manually set these, or if you're feeling dangerous, give the state user dbo rights to ASPState.


Configuring ASP.Net
To switch ASP.Net to use SQL you must update the element of your application's Web.config file as follows;
• Set the mode attribute of the element to SQLServer.
• Set the sqlConnectionString attribute to specify the connection string to your SQL Server
For example
< sessionstate timeout="20" cookieless="false" mode="SQLServer" sqlconnectionstring="data source=server;user id=uid;password=pwd" >
If you specify “integrated security/trusted connections” in the database connection string (ie. "trusted_connection=true", or "integrated security=sspi"), you cannot use impersonation in asp.net, as your database connection will then run the context of the impersonated user, which will not have rights to the state database.


Timeouts under heavy load
If your web servers are under heavy load it may be useful to increase the time out for session state access. You can add the stateNetworkTimeout attribute to the sessionState settings in web.config and machine.config

< sessionstate statenetworktimeout="15" >
If a Web server or a state server is under stress and cannot complete session accesses on time, event ID 1072 and event ID 1076 may be logged in the event log.


Caveats when using SQL session state
Using SQL is slower than using InProc session state. When storing basic data types (string, int, etc), ASP.Net can take 10%-25% longer to store their values. Complex types take even longer. Of course because you are connecting to a separate server it does use bandwidth on your network.
When using SQL Server mode, objects stored in session state are serialised and deserialised when a request is processed. So any objects which do not support serialisation cannot be stored in session state.


kick it on DotNetKicks.com

No comments:

Post a Comment