Asp.net Session State

Session state is used to maintain data for an individual user for the duration of their interaction with a web site. Our application used an “InProc” session, which maintained state in memory. This made development painful because a recompile forced a new login to the web site. We changed to an “SQLServer” session which solved the login problem; you can just carry on where you are after a recompile. Asp.net, Session State, web.config, Sql Server.

Session State is defined in the web.config file:

<configuration>
  <system.web>
    <sessionState mode="InProc"/>

Possible modes are:

  • InProc: stores session state in memory on the Web server. (Default).
  • StateServer: stores session state in a separate process called the ASP.NET state service. This preserves state if the Web application is restarted and also works in a server farm model.
  • SQLServer: State is preserved in Sql Server.
  • Custom
  • Off

To configure SQLServer mode:

  • In web.config:
    <sessionState mode="SQLServer" sqlConnectionString="Data Source=(local);Integrated Security=SSPI;"/>
    
  • From a VS Cmd Line, create a database ‘ASPState’ for storing the data:
    aspnet_regsql.exe -S (local) -E -ssadd -sstype p
    
  • In Sql Server:
    • Add login NT AUTHORITY\NETWORK SERVICE
    • Give this user mapping to the ASPState database
    • And add roles db_owner, public

I’m using the IIS 6 web server. The asp.net process, w3wp.exe, by default runs as NETWORK SERVICE. On IIS 5, the ASP.NET worker process, Aspnet_wp.exe, runs as the ASPNET account by default. So in the steps above, if you’re using IIS 5, you will have to tweak the database login.