Free Web Development Online Tutorials, Learn to Code
Learn MVC C#, MVC Tutorial for Beginners, Model View Controller

Session Management in MVC Application

Session in MVC

In this article, we will learn three different ways to work with session management in ASP.NET MVC

What is session in MVC
The Web is stateless, In simple word Session is a temporary memory location where we can hold small amount of data for a certain period of time during user visit on any website, Session is a HttpSessionStateBase object. provide three different way to store session data. InProc, StateServer and SQLServer

Let's look at some example of how we can store data in session object, here at login controller we are storing a user object, which has some user specific data fetched from database.

So after every user logs in we pull username, age, address in "UserObject" from database, now user keep on moving from one page to another page, We can display customized message on every page.

How to add data in Session

This is how you can add any type of data in current session object.

public ActionResult login(LoginModel model)
    // this is a custome object holding user data
    Session["userInfo"] = UserObject; 

    return View();
Read data from Session

Now assume user on mydashboard page, where we want to show a welcome message to user, now we can get the information from session object, we don't need to make any database call.

public ActionResult mydashboard()             
    UserObject _uobj=Session["userInfo"] as  UserObject;

    return View();

We also can use the session object for security purpose, suppose on mydashboard page we want to display user account balance, and if userobject is null or invalid, we simply can redirect user to login page and ask to log in again

You can access session object in your razor view directly this way
UserObject _uobj = Session["userInfo"] as UserObject;
if (_uobj!=null)
<div>Hello @_uobj.UserFullName</div>
Different sessionState mode
  • InProc mode

    This is default Session State modes, in this mode session data gets stored in memory on the web server.

  • StateServer (Out-Proc) mode

    In this mode all session data stored in separate memory called the ASP.NET Service, we can maintain the session data even when application process restarted.

  • SQL Server mode

    Session data is stored in the SQL Server Database, we can maintain the session data even when application process restarted.

  • Custom mode

    We also can specify custom storage option for session

sessionState mode is specified in web.config, default mode is "InProc", you can also change the time duration.


<sessionState mode="InProc" timeout="5" />


We also can also disable the session completely, that will surely increase the performance of the application.

How to end session in MVC

There are different ways we can kill the current session.

  • Session.Clear() method will remove all keys and values from the current session
  • Session.Abandon(), will cancel the current session
  • usually we set the particular session key to null (Session["key"] = null;) , so we know wherever we have checked that particular session key value, will surely fail

Sometimes you may need functionality like Logout and Logout Completely, means you can provide some message after user click logout link, you can tell them they can still login back again (without asking for login credential) or logout completely, like many matrimony site provide.

You can use session end event in global.asax to clean up all session data

protected void Session_End(Object sender, EventArgs e)
    // Remove user from HashTable