Buiding ASP.NET application without Session State?

views:

278

answers:

+4 Q:

Buiding ASP.NET application without Session State?

I just finished watching Stefan Schackow's PDC 2009 session and he mentioned that he is surprised that people are still using Session State in ASP.NET. Session State is even used internally in ASP.NET MVC.

Having worked with a legacy application where everything is put into a "in-proc" session (even datatables!), I've seen session abuse first-hand.

Is there a way to build an ASP.NET application without session state? How would you store information for each step of a typical e-commerce workflow?

+2 A:

I haven't used a session in years. If you need to track a user's progress between pages (say, through a cart checkout process), store whatever state information you require in a database and relate it back to the user with a cookie.

It's worth noting that .NET supports different "session" mechanisms, one of which stores the information in a database (much preferred in my opinion) instead of in-proc.

David Lively 2009-11-22 02:21:49

How scalable is your solution in a high traffic environment? Will read/write session object from a database for each web request be a performance problem?

Herman 2009-11-23 01:52:10

The short answer to that question is "try it and see." however, we're using SQL for session management on a relatively high-traffic site and haven't seen any performance issues. Remember that the DB is designed for this sort of things -fast, light queries and answers. I'd be very surprised if you managed to bog down a decent database server with this approach.

David Lively 2009-11-23 02:19:37

http://odetocode.com/articles/440.aspx

Sergey 2009-11-23 02:36:07

Check out ASP.NET Membership Profiles. It allows you to serialize and store/retrieve objects per user account, regardless of whether the user is anonymous or not. I've been able to use this successfully with lengthy wizard-type online applications.

Sergey 2009-11-22 02:22:24

Due to its nature (stored in a hidden form field), viewstate doesn't work cross-page.

Kyle Trauberman 2009-11-22 02:31:27

You're right. Not sure what i was thinking.

Sergey 2009-11-22 04:17:44

Care to explain why the downvote? I mean, David Lively suggested the same darn thing after i wrote this and i get a downvote?

Sergey 2009-11-23 02:32:35

I am not sure what you suggested what you suggested is the same as the one from David Lively. Notice I didn't ask anything about membership profiles, my question is much border than that.

Herman 2009-11-23 15:25:50

I'm not sure what to say. You asked how to handle data other than putting it into session. I said there is an existing framework that comes bundled with ASP.NET 2.0 that allows you to serialize that data and store it in the database. Isn't that what the other post was about? I guess I'm just not understanding why i got the downvote in the first place. If you don't agree with the suggestion, at least leave a comment when you downvote. Thanks for clarifying later on though.

Sergey 2009-11-24 03:05:00

+1 A:

You've got the following options: cookies, database, querystring, page variables, and server cache to try to handle the stateless session of the web. Each has its own tradeoff, but pragmatically speaking I currently use session that gets stored in the db. This scales well for server farms, helps to keep your pagesize small, and is easy to implement.

Trent 2009-11-22 02:58:22

ansaurus

tags:

views:

answers:

Buiding ASP.NET application without Session State?

related questions