In our .NET web app, we have a session object for each logged in user that is around 5-7 kilobytes. The session stores a Dictionary object that contains a couple of classes and the user's authentication token. Does this session size seem too big? I really don't know what a good size is or what good practices I should follow for sessions. Do any of you have ideas? Thanks
+1
A:
The general industry standard is to reduce it to as low as possible, cache the objects, and store the id's in session to go retrieve them on the next request.
In asp.net in general, there are problems with running a multiple box application and having to store session in the database, and then deserialize it into objects.
If you end up going this way, its more of a hit to have to hit the database for xml and then deserialize it than to hit the record itself.
DevelopingChris
2009-06-10 16:40:26
+1
A:
Only put in the session what is absolutely necessary to be in there. Otherwise, cache it or retrieve it from somewhere else using the ID's you store in the session. If it can go someplace else, chances are that's where it needs to go instead of inside your session object.
TheTXI
2009-06-10 16:41:36
I agree completely.
DevelopingChris
2009-06-10 16:43:41
I would be careful with caching also. You can run into the same problems there that you would with session.
Rob
2009-06-10 16:58:33
+1
A:
TheTXI and DevelopingChris have provided best practices, but here's the ultimate answer to your headline question: only you can tell if your session is too big. If you're not encountering problems with memory usage on your web servers (or with traffic between webs and state server, if you're using an external state server), your session isn't storing too much; if you are, it is.
Best practices can certainly help you resolve problems when you are, and reduce the chances of them occurring, but if what you have isn't broken you'd probably be better off spending valuable development energy on parts of the code that will affect your users or your maintainability.
DDaviesBrackett
2009-06-10 16:48:39
+1
A:
It's going to depend on your scalability requirements. 5-7K * 1000 concurrent sessions = 57 MB. Assuming you have a decent amount of RAM, you should be fine. That said, you should be very careful about what is being stored in session and avoid storing what isn't absolutely necessary.
Rob
2009-06-10 16:49:37
A:
Not if you need it. You should step through it and see what you can more to the Cache or leave in the database.
craigmoliver
2009-06-10 16:50:13