Posted by: savagerider | September 9, 2007

Managing State

HTTP protocol is a stateless protocol. Information is not maintained from one page to another page. In this case it is not possible to keep continuity of user information on website.

Server-state Management 

Store state information on server side which has higher security. 

1. Application State

State information is available to all users of the web application. It makes use of  HttpApplicationState class for application state. Generally, data that is common to all users and does not change often will stay on Application State.

Since more than one user is able to access and modify the Application data at the same time, it is necessary for us to have a mechanism to handle concurrent issues. We could use

Application.Lock(); // to lock the application data, prevent it from updating

Application["TestValue"] = 123 ;

Application.Unlock();// unlock it, allow other to update it.

2. Session State

Maintain the state information for each user of a specific session. It makes use of HttpSessionState class for each active Web Application session. Generally, sensitive data and short-lived variables are stored in session state. This is useful when session state is used in web farm / web garden configuration.

An unique sessionID (120 bits) is assigned to session for identification purpose. Default session timeout is 20 mins, it is configurable in web.config, <sessionState timeout=”10″ />

Session is used to access related property or method from Session state value. There are two ways to add new session data.

i. Session["variable1"] = value;

ii. Session.Add(“variable1″,value);

We can create an instance of HttpSessionState and assign the current  session to it.

HttpSessionState currentState ;

currentState = Session; // or Page.Session;

Cookieless Session

SessionID from active session is stored in cookie, If cookie is disable on client browser, sessionID is lost on every request since HTTP is a stateless protocol.

With <sessionState cookieless = “false”/> is set in web.config. We will keep the sessionID in the QueryString. You will expect the following url appearing in the browser.

http://localhost/sessionState/(o2ikbu45ih4b0e2mftef3myl)/WebForm1.aspx 

In this case, it is not possible to use absolute URL to link the page.  

 3. Database Server/ State Server

Maintain state information on database or state server which has fault tolerance but there is a performance trade-off.

These ways allow us to avoid get into in-process situation, where we could allow multiple server to access the state information instead of only one server storing and accessing the information.

We could either use stateServer or sqlServer database to store the state session data. With the following syntax in web.config.

< sessionState mode=”SQLServer” sqlConnectionString=”data source=SQLServerName Integrated security=true”/>

The above syntax is using SQL Server to store session data in database. After inidicating SQLServer is used in web.config, we need to install the ASPState database into SQL Server. We can achieve that by executing the following line under the directory of C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322InstallSqlState.sql is the script to create ASPState and tempdb.

Ensure that ASPNET account has the access to the StoredProcedure in database ASPState.

C:\> OSQL SQLServerName -E <InstallSqlState.sql

You will expect ASPState and tempdb database are created in the sql server.

Client-state Management

Store state information on client side which has lower security but much faster if compare to server state management. 

1. Cookies

There are 2 ways to store data into cookies.

1. using HttpCookieCollection

HttpCookie objCookie = new HttpCookie(“testWeb”);objCookie.Values.Add(“Name”,”John”);

objCookie.Expires = DateTime.Now.AddDays(1);

Response.Cookies.Add(objCookie);

2. using Response directly 

Response.Cookies["testweb"]["Name"] = “Peter”;

Regardless of which method you use, the result is the same. To retrieve the cookies value simply use the following syntax:

HttpCookie obj = Request.Cookies["testWeb"];

Label1.Text = obj.Values["Name"];

Temporary cookies (Default). This kind of cookies is removed when browser is shut down. 

Permanent cookies. This kind of cookies is stored on hard dish with the file name of username@domainname.txt. The max size is 4 KB only.

2. ViewState

This state information is stored on hidden field on rendered html page. For good performance it is better to turn it off if it is not necessary.

3. QueryString

Keep state information on the QueryString in URL.

Global.asax

This file is stored in virtual root of the web application, there is only one global.asax located in a web application.

There are three types of events in global.asax.

1. Request Event

Events are fired when a page is requested.

[Application_BeginRequest, Application_AuthenticateRequest, ..... ]

2. Response Event

Events are fired when response is sent to the server

[Application_PostRequestHandlerExecute, Application_ReleaseRequestState, Application_UpdateRequestCache, Application_EndRequest]

3. Conditional Event

Events may or may not be raised during the processing of a request.

[Application_Start, Application_End, Session_Start, Session_End, Application_Error]

Posted in asp.net

«
»

Leave a response






Your response:

Categories