Set Session TimeOut In ASP.NET

We can Set or Manage Session Timeout in Following ways:

  

1.      Set Session TimeOut in Web.Config

We can set session timeout in SessionState section of web.config file as mentioned below, timeout value is in minutes.

<system.web>

    <sessionState mode="InProc" cookieless="false" timeout="15">

    </sessionState>

</system.web>

  

2.      Set session timeout in Global.asax

void Session_Start(object sender, EventArgs e)

{

  // Code that runs when a new session is started

  Session.Timeout = 15;

}

Session State Management

Session state can be configured using the <sessionState> section in the application's web.config file. Hence, we can increase the default Session timeout value to our desired value using the following statement in the web.config file.

    <sessionState  
    mode = <"inproc" | "sqlserver" | "stateserver">
    cookieless = <"true" | "false">
    timeout = <positive integer indicating the session timeout in minutes>
    sqlconnectionstring = <SQL connection string that is only used in the SQLServer mode>
    server = <The server name that is only required when the mode is State Server>
     port = <The port number that is only required when the mode is State Server>
/>

The following section discusses each of the settings shown in Listing 1 earlier, in detail.

Mode: This setting supports three options.  They are inproc, sqlserver, and stateserver.

ASP.NET supports two modes: in process and out of process.

There are also two options for out-of-process state management:

1. Memory based (stateserver) and 
2. SQL Server based (sqlserver).

Cookieless: This setting takes a boolean value of either true or false to indicate whether the Session is a cookieless one.

Timeout: This indicates the Session timeout vale in minutes.  This is the duration for which a user's session is active.  Note that the session timeout is a sliding value; on each request the timeout period is set to the current time plus the timeout value.

SqlConnectionString: This identifies the database connection string that names the database used for mode sqlserver.

Server: In the out-of-process mode stateserver, it names the server that is running the required Windows NT service: ASPState.

Port: This identifies the port number that corresponds to the server setting for mode State Server.  Note that a port is an unsigned integer that uniquely identifies a process running over a network.

As Stated Earlier, Session state in ASP.NET can be stored in one of the following three ways.

1. InProc
2. State Server
3. SQL Server
   
   
   Storing Session State in the InProc Mode
   
   
   The InProc mode of Session State storage is the fastest among all of the storage modes available and stores the Session data in the ASP.NET worker process.  In this case, if the amount of data that is stored in the Session is large, performance would be drastically affected.  In the InProc mode of Session state storage, the session state is stored in the memory space of an application domain and is volatile.  In this case, the session state will be lost if the ASP.NET worker process named aspnet_wp.exe recycles or if the application domain restarts.  The Session State here entirely depends on the lifetime of the application domain that it runs on.  Note that the Session_End event which is fired internally by the web server is supported only in InProc mode. Note that even if the Session State is set to read only using the EnableSessionState attribute, in the InProc mode one can still modify the session.  The Session_OnEnd event is invoked by the runtime environment when we make a call to the Session.Abandon() method or when the user's session times out.  Further, any change made in the settings in the web.config file unloads the application domain and the Session State too.
   
   
   Storing Session State in a State Server
   
   
   The StateServer mode uses a stand-alone Microsoft Windows service that is independent of IIS and can run on a separate server.  In the State Server mode of Session State storage, the session state is serialized and stored in memory in a separate process that is managed by the aspnet_state.exe file.  Note that State Server can be on a different system.  This storage mode has some performance drawbacks due to the overhead involved in serialization and de-serialization of objects.  Note that the ASP.NET State Service is like any other NT/2000 service and runs as its own process and has its own memory space.
   The following is the required setting in the web.config file to store the Session State in the State Server mode.
   <sessionState 

         mode="StateServer"

         stateConnectionString="tcpip=127.0.0.1:42424"

         sqlConnectionString="data source= 127.0.0.1;user id=   joydip; password=joydip"

         cookieless="false" timeout="20"

   />
   The primary advantage of storing the Session State in a State Server is that it is not in the same process as the ASP.NET and a crash of ASP.NET would in no way destroy the session data. Secondly, this mode of Session State storage enables to share the information across a web garden or a web farm.
   The main disadvantage, however, is that this mode is slow compared to the InProc mode as it is stored in an external process.
   
   
   Storing Session State using SQL Server
   
   
   The SQL Server mode of Session State storage offers a reliable, secure and centralized storage of a session state with transactional facilities.  In this storage mode, the Session data is serialized and stored in a database table in the SQL Server database.  It can typically be used in the web farms.  In the SQL Server mode of Session State storage, the session state is serialized and stored in the SQL Server.  It has performance bottlenecks as in the State Server mode of Session State storage due to the overhead involved in serialization and de-serialization of the objects that are stored and retrieved to and from the Session.  SQL Server is more secure than the InProc or the State server modes of Session State storages as the data can be secured easily by configuring the SQL Server security.
   The InstallSqlState.sql file has to be located in the system and executed.  This would create the necessary database and tables in the tempdb database to store the Session data.  To remove all the databases and the tables created earlier using the InstallSqlState.sql file, the UninstallSQLState.sql file can be used.  The web.config file has to be modified accordingly.  The following is the required setting in the web.config file to store the Session State in the SQL Server mode.
   
   
   <sessionState 

         mode="SQLServer"

         sqlConnectionString="data source=server;user id=joydip;

         password=joydip"

         cookieless="false" timeout="20" 

   />
   
   

State Management in ASP.NET

As we know that Http is an State-Less Protocol which is required for interaction between client and server. So there is a need to remember state of request raised by an web browser so that web server can recognize you have already previously visited or not.

Web pages rarely be stand alone. Web applications almost always need to track users who visits multiple pages, whether to provide personalization, store information about a user or to track usage for reporting purposes.

The Purpose of State Management:

State management is the process by which you maintain state and page information over multiple requests for the same or different pages.

Types of State Management

There are 2 types State Management:

1. Client – Side State Management
2. Server – Side State Management   

Interview Questions Of ASP.NET - I

Que. 1. Explain the Life Cycle of an ASP.NET page?

Ans. 

Following are the events occur during ASP.NET Page Life Cycle:

1. Page_PreInit
2. Page_InitPage_InitComplete
3. Page_PreLoad
4. Page_Load
5. Control Events
6. Page_LoadComplete
7. Page_PreRender
8. SaveViewState
9. Page_Render
10. Page_Unload

Note : Among above events Page_Render is the only event which is raised by page. So we can't write code for this event. 

Que. 2 . How does the cookies work in asp.net?  

Ans. 

As we know that Http is an State-Less Protocol which is required for interaction between client and server .
So there is a need to remember state of request raised by an web browser so that web server can recognize you have already previously visited or not.

There are two types of State Management Techniques:

• Client side state management
• Server - side state management

Using cookies comes under client side state management. In HttpResponse we write
Cookie containing sessionId and other information within it.

When a browser made a request to the web server the same cookie is sent to the server where server recognize the session id and get other information stored to it previously.

Que. 3. What is boxing and unboxing?

Ans.

Boxing is that happens when a value-type object is assigned to a reference-type variable.

Unboxing is what happens when a reference-type variable is assigned to a value-type variable.

            For Eg.

            int foo = 42; // Value type.
            object bar = foo; // foo is boxed to bar.
            int foo2 = (int)bar; // Unboxed back to value type.

 Note :Boxing is may be Implicit whenever unboxing is explicit conversion.

  

Que. 4. What is Url-Rewriting?

 Ans.
 URL rewriting is the process of intercepting an incoming Web request and redirecting the request to a different resource. When performing URL rewriting, typically the URL being requested is checked and, based on its value, the request is redirected to a different URL.
For eg. i want to access http://mywebsite.com/college.aspx?id=12 now by i want url to be http://mywebsite.com/college/12 displayed.
That can be do by Url Rewriting.

Que. 5. What are Inproc and Outproc?

 Ans.

Session state can be configured using the <sessionState> section in the application's web.config file. Hence, we can increase the default Session timeout value to our desired value using the following statement in the web.config file.

    <sessionState  
    mode = <"inproc" | "sqlserver" | "stateserver">
    cookieless = <"true" | "false">
    timeout = <positive integer indicating the session timeout in minutes>
    sqlconnectionstring = <SQL connection string that is only used in the SQLServer mode>
    server = <The server name that is only required when the mode is State Server>
     port = <The port number that is only required when the mode is State Server>
/>

The following section discusses each of the settings shown in Listing 1 earlier, in detail.

Mode: This setting supports three options.  They are inproc, sqlserver, and stateserver.

ASP.NET supports two modes: in process and out of process.

There are also two options for out-of-process state management:

1. Memory based (stateserver) and 
2. SQL Server based (sqlserver).

Cookieless: This setting takes a boolean value of either true or false to indicate whether the Session is a cookieless one.

Timeout: This indicates the Session timeout vale in minutes.  This is the duration for which a user's session is active.  Note that the session timeout is a sliding value; on each request the timeout period is set to the current time plus the timeout value.

SqlConnectionString: This identifies the database connection string that names the database used for mode sqlserver.

Server: In the out-of-process mode stateserver, it names the server that is running the required Windows NT service: ASPState.

Port: This identifies the port number that corresponds to the server setting for mode State Server.  Note that a port is an unsigned integer that uniquely identifies a process running over a network.

As Stated Earlier, Session state in ASP.NET can be stored in one of the following three ways.

1. InProc
2. State Server
3. SQL Server