Alternatives to using session variables in ASP.NET (including MVC)

views:

532

answers:

+1 Q:

Alternatives to using session variables in ASP.NET (including MVC)

I apologize if this has been asked before, but I haven't quite found the specific question I have in my head.

For the website I am building (using ASP.NET MVC) - performance is an important feature. Also, there is a chance that the site could be hosted in an environment where the Application Pool gets recycled every 20 minutes (or sooner if the memory threshold is reached). I would like to be completely independent of relying on session variables and instead, store a GUID-like value in a cookie. My reasoning is - I don't know how long the session will last because of the AppPool recycling and don't want their session to timeout prematurely and cause them to have to login repeatedly.

The GUID value in the cookie would act as a lookup key to a table where I store session-like information (a user ID value, etc.). So if I needed that data I could retrieve it from the database. I would still make use of the Session_OnEnd event to clear out that session table of rows with a "last activity" value of more than 20 minutes old (or however long sessions are configured to last). So I guess I would still be using session state, just not session variables.

My concern though, again, is about performance. Therefore, I was curious if there are any better methods for avoiding use of session variables while still maintaining the ability to know things about who the user is and manage their visits to the site in a "session-like" way. I am still a newbie to MVC but have plenty of experience in ASP.NET over the years so, I hope my question makes sense!

EDIT: I'm kind of shying away from wanting to use SQL Session State because I will likely be in a shared sql server hosting environment and don't think I will have a login with the ability to create/run jobs if necessary for deletion of expired sql session data, etc. Are there any real drawbacks to depending on Session_OnEnd with a cookie in the AppPool recycling scenario? Could Session_OnEnd not execute for sessions that are current when the AppPool recycles?

+4 A:

You are assuming Sessions are only stored in the working process, you can have SQL State sessions, check this link before going any further

F.Aquino 2009-12-08 18:50:36

Otherwise known as SQL and Cookies.

madcolor 2009-12-08 18:55:32

+1: you don't have to roll your own database if you go with the SQL State persistence

Dave Swersky 2009-12-08 18:55:58

http://www.dbazine.com/sql/sql-articles/cook9

madcolor 2009-12-08 19:06:42

I knew of SQL Session State - I guess I've just believed the FUD I've heard regarding it not performing that well. Is it an option if performance is important?

jamauss 2009-12-08 19:07:52

Any call to SQL will be slower than a call to sys memory.

madcolor 2009-12-08 19:08:58

SQL state is slower than in-process, but I guess my question about that is, by how much?

jamauss 2009-12-08 19:11:41

http://stackoverflow.com/questions/1447175/sqlserver-vs-stateserver-for-asp-net-session-state-performance

madcolor 2009-12-08 19:18:25

how can something be slower when the comparison is ruled out? it was said pools recycling constantly, persisting after reboots, that makes SQL State Management the fat cool kid in the block. By the way, Session_OnEnd does not work with SQL State Management http://stackoverflow.com/questions/1445803/in-process-session-state-mode-is-only-mode-that-supports-sessiononend-event

F.Aquino 2009-12-08 19:26:43

I assume if Session_OnEnd does not work with SQL State then something manages the deletion of session info from the SQL State schema tables?

jamauss 2009-12-08 19:45:18

I believe a SQL job is part of the package which deletes expired sessions.

madcolor 2009-12-08 19:58:39

+1 A:

Using a database to provide "durable" persistence across web farms/gardens is a common technique. There are also distributed caching systems that can be used to make session state data available across servers and reboots.

For example, one of the distributed systems I've seen uses UDP to share session data across multiple servers. I would expect there is some performance benefit with distributed cache because the data is stored in memory on the servers, so there is no database lookup.

Dave Swersky 2009-12-08 18:52:24

+1 A:

If you cannot use in-process state, you'll have to revert to an external repository, which will likely be the database.

So why not having the session state stored in the DB? There's built-in support for that, and it solves the recycling issue effectively, while keeping an acceptable performance if the session state is kept small.

Lucero 2009-12-08 18:52:49

"the session state is kept small" - what is your definition of that? The number of session variables less than 2? 10?

jamauss 2009-12-08 19:08:53

Not the absolute number, but their type. When they aren't in process, they need to be serializable, so you should pay attention that the serialized object graph is small.

Lucero 2009-12-08 19:40:40

I would only be using simple types - String, DateTime, Int, etc. Which are all serializable types, right?

jamauss 2009-12-08 19:46:58

Right, and those are pretty cheap actually (assuming you don't store arrays with many elements).

Lucero 2009-12-08 21:00:09

Look into a custom caching mechanism. Like you said you cannot use session variables as it sounds like your web site will be load balanced? Sessions may change due to the recycling off the app pool. You also don't want the over head of View State (you could use this but it will impact performance).

There are three key differences between Caching and the other mentioned models:

Caching is thread safe
Items in cache are removed automatically
Items in cache support dependencies

JonH 2009-12-08 18:52:57

ansaurus

tags:

views:

answers:

Alternatives to using session variables in ASP.NET (including MVC)

related questions