How much data can/should you store in a users session object?

Question

We have several wizard style form applications on our website where we capture information from the user on each page and then submit to a backend process using a web service.

Unfortunately we can't submit the information in chunks during each form submission so we have to store it the users session until the end of the process and submit it all at the same time.

Is the amount of server memory/sql server disk space the only constraint on how much I can store in users sessions or is there something else I need to consider?

Edit: The site is built on ASP.NET web forms.

Answer 1

If you use a traditional HTTP model (i.e. don't use runat="server") you can post the data to another asp page and place the posted data into hidden form elements, you can do this for however many pages you need thus avoiding placing anything in a session variable.

Answer 2

Assuming the information is not sensitive then you could store the information in a cookie which would reduce the amount of information required to be stored server side. This would also allow you to access the information via JavaScript.

Alternatively you could use the viewstate to store the information although this can lead to large amounts of data being sent between the server and the client and not my preferred solution.

The amount of session information you should store varies wildly depending on the application, number of expected users, server specification etc. To give a more accurate answer would require more information :)

Finally, assuming that the information collected throughout the process is not required from page to page then you could store all the information in a database table and only store the records unique id in the session. As each page is submitted the db record is updated and then on the final page all the information is retrieved and submitted. This is not an idea solution if you need to retrieve previous information on each subsequent page due to the number of db reads required.

Answer 3

You could also have 1 asp page with the entire html form, and hide parts of it until the user fill and "submits" the visible part...

then simply hide the part that is filled out and show the next part of the form...

This would be extremely easy in the .NET framework, use panels for each "wizard step" and add loggic when to display and hide each panel.

you will then have all the data on one page.

Answer 4

Since it is problematic from performance point of view to store large amounts of data in user Session object, ASP.Net provides some other workarounds on top of what is mentioned in the posts above. ASP.NET Profile Provider allows you to persist session related information in a database. You can also use Session State Server which uses a separate server to store all Session information. Both of these situations take into account if you need to use clusters or load balancers, the servers can still recognize the session information across different servers. If you store information in the Http Session object, you run into the problem that one user must always go to the same server for that session.

Answer 5

Session, viewstate, database. These are all slow but will get the job done.

Hidden form fields is the answer I like best.

There are other ways to persist state. Cookies, popup window, frameset or iframes.