ASP.NET Session State

Session state is used to maintain data for an individual user for the duration of their interaction with a web site. Our application used an "InProc" session, which maintained state in memory. This made development painful because a recompile forced a new login to the web site. We changed to an "SQLServer" session which solved the login problem; you can just carry on where you are after a recompile.

Session State is defined in the web.config file:

<configuration>
  <system.web>
    <sessionState mode="InProc"/>

Possible modes are:

• InProc: stores session state in memory on the Web server. (Default).
• StateServer: stores session state in a separate process called the ASP.NET state service. This preserves state if the Web application is restarted and also works in a server farm model.
• SQLServer: State is preserved in SQL Server.
• Custom
• Off

To configure SQLServer mode:

• In web.config:
  

  
  <sessionState mode="SQLServer" sqlConnectionString="Data Source=(local);Integrated Security=SSPI;"/>
  
  

• From a Visual Studio Command Line, create a database 'ASPState' for storing the data:
  

  
  aspnet_regsql.exe -S (local) -E -ssadd -sstype p
  
  

• In SQL Server:
  • Add login NT AUTHORITY\NETWORK SERVICE
  • Give this user mapping to the ASPState database
  • And add roles db_owner, public

These instructions work for the IIS 6 web server. In IIS 6 the ASP.NET process, w3wp.exe, runs as NETWORK SERVICE by default. You will have to consult google if you are using a different version of IIS, since I think the permissions will be different.