In this article, we will learn three different ways to work with session management in ASP.NET MVC.
There is no difference in session management with earlier version of asp.net, if you are using Asp.net aspx of earlier version, session in asp.net remain the same.
The Web is stateless, In simple word Session is a temporary memory location where we can hold small amount of data for a certain period of time during user visit on any website, Session is a HttpSessionStateBase object.
Asp.net provide three different way to store session data. InProc, StateServer and SQLServer
Let's look at some example of how we can store data in session object, here at login controller we are storing a user object, which has some user specific data fetched from database.
So after every user logs in we pull username, age, address in "UserObject" from database, now user keep on moving from one page to another page, We can display customized message on every page.
This is how you can add any type of data in current session object.
[HttpPost] public ActionResult login(LoginModel model) { // this is a custome object holding user data Session["userInfo"] = UserObject; return View(); }
Now assume user on mydashboard page, where we want to show a welcome message to user, now we can get the information from session object, we don't need to make any database call.
public ActionResult mydashboard() { UserObject _uobj=Session["userInfo"] as UserObject; return View(); }
We also can use the session object for security purpose, suppose on mydashboard page we want to display user account balance, and if userobject is null or invalid, we simply can redirect user to login page and ask to log in again
You can access session object in your razor view directly this way<div> @{ UserObject _uobj = Session["userInfo"] as UserObject; if (_uobj!=null) { <div>Hello @_uobj.UserFullName</div> } } </div>
This is default Session State modes, in this mode session data gets stored in memory on the web server.
In this mode all session data stored in separate memory called the ASP.NET Service, we can maintain the session data even when application process restarted.
Session data is stored in the SQL Server Database, we can maintain the session data even when application process restarted.
We also can specify custom storage option for session
sessionState mode is specified in web.config, default mode is "InProc", you can also change the time duration.
<system.web> <sessionState mode="InProc" timeout="5" /> </system.web>
We also can also disable the session completely, that will surely increase the performance of the application.
There are different ways we can kill the current session.
Sometimes you may need functionality like Logout and Logout Completely, means you can provide some message after user click logout link, you can tell them they can still login back again (without asking for login credential) or logout completely, like many matrimony site provide.
You can use session end event in global.asax to clean up all session data, also if you want to some event to be executed, can be written here. Normally we don’t use this event.
protected void Session_End(Object sender, EventArgs e) { // Remove user from Session }
You may also read how to handle Session in Asp.Net Core