tags:

views:

329

answers:

8
+3  Q: 

Should I use ASP.NET sessions or avoid them and why?

Should I use ASP.NET sessions or avoid them and why?

+1  A: 

For intranet applications, i use them (but not much, really).

For external applications, use them if you want but only if you've got a single server.

For big apps with heaps of users, and multiple web servers behind a proxy balancer, you probably should start thinking of how to build your site to avoid using them. The best option i personally would use is storing encrypted data in the users cookie.

Chris  2009-03-20 04:56:43
A: 

I try to avoid sessions, but not to the point that it's detrimental to the application. Let's face it, some designs are better with sessions than trying to circumvent them. In general though, I don't use them for stuff I can easily store elsewhere.

Chris  2009-03-20 04:59:55
+1  A: 

ASP.NET Session State FAQ this will answer the positive aspects of what having session vaiables, etc... have.. I try to avoid them for some things and others I use them for..so a answer to a question like this varies

TStamper  2009-03-20 05:00:24
A: 

ASP.NET's session management is good so don't make a rod for your own back by trying to avoid using it. ASP.NET's session management capabilities scale up quite well to provide a number of different solutions depending on your needs. You should also keep an eye on Microsoft's Velocity project.

Kev

Kev  2009-03-20 06:25:49
A: 

Use them if you must. In small uses its a easy enough way to transfer data between pages , but never stick controls into the session especially between pages , you are just going to open yourself to a world of hurt.

RC1140  2009-03-20 06:30:33
+1  A: 

I use session variables often, but not for big sized objects. Problem with the session variables is that you can forget to clear them when you finish your work, you you can hardcode it's key everywhere in your code. for these reasons I encapsulate session variables in a object that I call sessionvariables. and access them over it. when I need to clear them I define a method in my object to clear all variables over session.

Instead of viewstate or querystring it fits best for most cases that I faced.

Canavar  2009-03-20 06:39:51
+1  A: 

For new applications, I try to avoid them and just prefer an encrypted or signed cookie. This is admittedly just a new-found personal preference: Just because it's one more thing to break, and after working to keep a site up 24/7/365 for two years, it's the only thing that has broken in a head-scratching, mysterious way. It's also easy to forget to add [Serializable] on your objects and watch them blow up at runtime when they try to get stored in an out-of-proc session. So it's another gear to grind, so to speak.

That said, I've been using sessions for years without any significant issues other than just having to worry about keeping the session store up and running all the time. If you're InProc, you have to worry about sessions getting zapped every time the app pool restarts, and it can cause the worker process memory usage to balloon, which is another downside; with one of the other methods, it's nice to be able to release a point update to the Web site and not affect any customer's current states.

(I personally haven't seen problems with scaling out sessions, even on multiple servers. But then again I work for a small business [about 3 page views/second]. I figure you're usually talking to the database anyway for something, the cost of fetching the session is in that wash.)

So using sessions isn't a bad choice, you just have to remember not to get carried away with it. Think of it as a server-side cookie, trying to limit yourself to an artificial 4KB or so barrier. For existing applications I certainly don't bother un-sessionizing them, but in general I now prefer to keep it simple and try to do without.

Nicholas Piasecki  2009-03-20 06:52:24
InProc sessions scale quite well. We run shared hosting boxes with ~1200 sites each and shared app pools and with all sorts of session abuse going on, but we never really hit any problems. Your point about app pool resets is very valid.
Kev  2009-03-20 16:16:51
A: 

I use them quite often for small objects but over time I've eventually built a simple layer that sits on top of the session, it handles things like clearing the session and casting to the right type, managing the keys. This also stops clashes happening.

There are somethings that I cannot store in the query string and somethings I do not want stored in the view state. All that's really left is the session.

TWith2Sugars  2009-03-20 08:37:29

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps