views:

247

answers:

5

In our .NET web app, we have a session object for each logged in user that is around 5-7 kilobytes. The session stores a Dictionary object that contains a couple of classes and the user's authentication token. Does this session size seem too big? I really don't know what a good size is or what good practices I should follow for sessions. Do any of you have ideas? Thanks

+1  A: 

The general industry standard is to reduce it to as low as possible, cache the objects, and store the id's in session to go retrieve them on the next request.

In asp.net in general, there are problems with running a multiple box application and having to store session in the database, and then deserialize it into objects.

If you end up going this way, its more of a hit to have to hit the database for xml and then deserialize it than to hit the record itself.

DevelopingChris
+1  A: 

Only put in the session what is absolutely necessary to be in there. Otherwise, cache it or retrieve it from somewhere else using the ID's you store in the session. If it can go someplace else, chances are that's where it needs to go instead of inside your session object.

TheTXI
I agree completely.
DevelopingChris
I would be careful with caching also. You can run into the same problems there that you would with session.
Rob
+1  A: 

TheTXI and DevelopingChris have provided best practices, but here's the ultimate answer to your headline question: only you can tell if your session is too big. If you're not encountering problems with memory usage on your web servers (or with traffic between webs and state server, if you're using an external state server), your session isn't storing too much; if you are, it is.

Best practices can certainly help you resolve problems when you are, and reduce the chances of them occurring, but if what you have isn't broken you'd probably be better off spending valuable development energy on parts of the code that will affect your users or your maintainability.

DDaviesBrackett
+1  A: 

It's going to depend on your scalability requirements. 5-7K * 1000 concurrent sessions = 57 MB. Assuming you have a decent amount of RAM, you should be fine. That said, you should be very careful about what is being stored in session and avoid storing what isn't absolutely necessary.

Rob
A: 

Not if you need it. You should step through it and see what you can more to the Cache or leave in the database.

craigmoliver