What can destroy a session object asp .net?

Question

I work with Session[""] objects in ASP .NET/C# MVC. I do a lot of checking on them, but I ask myself, what can destroy a session object without I specify it ?

I want to be sure that these Session[""] will be intact during some processes and can be only cleared by my instructions or if the user quit the application.

Answer 1

It's dependent on the type of session state you use.

InProc - sessions are destroyed if the web server process shuts down or crashes. The default shutdown time is 20 minutes after the IIS Application Pool is in active. If the IIS Application pool hits its memory limits it will also shutdown, so this is the least recommended approach for session state management.

StateServer - sessions are stored in a separate service on a server. The session will stay active until this service shuts down or is unavailable. It's more reliable than InProc, but if the service shuts down you loose any session data.

SQLServer - sessions are stored in a SQL database. This is the most robust solution and sessions are essentially guaranteed until you destroy them, but it's also the most complex to set up, requiring SQL server and a database.

Custom - Some other method of storing sessions that you would have to specify.

More information on the subject can be found in the links below.

http://msdn.microsoft.com/en-us/library/vstudio/ms178581%28v=vs.100%29.aspx http://msdn.microsoft.com/en-us/library/vstudio/system.web.sessionstate.sessionstatemode%28v=vs.100%29.aspx

Answer 2

If you're using InProc, then a number of things can kill a sessions state. e.g.

• Timeout (this can be set in config)
• AppPool recycle
• Web.Config change
• Server crash

If you need a more durable solution, have a read of this article, and there's a few alternatives in this article too.