Programming Microsoft ASP.NET 4 - Dino Esposito [363]
Flags
Int
Indicates action flags—initialize items or none—from the SessionStateActions enum.
LockCookie
Int
Indicates the number of times the session was locked—that is, the number of accesses.
LockDate
DateTime
Indicates the time at which the session was locked to add the last item. The value is expressed as the current Universal Time Coordinate (UTC).
LockDateLocal
DateTime
Like the previous item, except that this one expresses the system’s local time.
Locked
bit
Indicates whether the session is currently locked.
SessionItemLong
Image
Nullable field, represents the serialized version of a session longer than 7000 bytes.
SessionItemShort
VarBinary(7000)
Nllable field. It represents the values in the specified session. The layout of the bytes is identical to the layout discussed for StateServer providers. If more than 7000 bytes are needed to serialize the dictionary, the SessionItemLong field is used instead.
Timeout
int
Indicates the timeout of the session in minutes.
The column SessionItemLong, contains a long binary block of data. Although the user always works with image data as if it is a single, long sequence of bytes, the data is not stored in that format. The data is stored in a collection of 8-KB pages that aren’t necessarily located next to each other.
When installing the SQL Server support for sessions, a job is also created to delete expired sessions from the session-state database. The job is named ASPState_Job_ DeleteExpiredSessions, and the default configuration makes it run every minute. You should note that the SQLServerAgent service needs to be running for this to work.
Reverting to the Hosting Identity
The useHostingIdentity attribute (shown in Table 17-8) lets you decide about the identity to use to grant access to the SQL Server table with session state. When the SQLServer state provider is used with integrated security, the identity is the one impersonated by the ASP.NET process. This simplifies the administrative experience for intranet sites, requiring that only the ASP.NET account be granted access to protected and critical resources. The useHostingIdentity attribute defaults to true, which enables you to revert to the ASP.NET identity before making calls to the SQLServer session state provider. This will also happen if a custom provider is used.
Note
If you’re using Windows integrated authentication to access SQL Server, reverting to the host identity is the most recommended option, for security reasons. Otherwise, it is advisable that you create a specific account and grant it only rights to execute session state stored procedures and access related resources.
Session State in a Web Farm Scenario
ASP.NET applications designed to run in a Web farm or Web garden hardware configuration cannot implement an in-process session state. The InProc mode won’t work on a Web farm because a distinct worker process will be running on each connected machine, with each process maintaining its own session state. It doesn’t even work on a Web garden because multiple worker processes will be running on the same machine.
Keeping all states separate from worker processes allows you to partition an application across multiple worker processes even when they’re running on multiple computers. In both Web farm and Web garden scenarios, there can be only one StateServer or SQLServer process to provide session-state management.
If you’re running a Web farm, make sure you have the same Partition resolvers exist to let a session state provider partition its data onto