ASP.NET Session State Service
Each DotNetted web server runs the ASP.NET State
Server service locally and it is available for use
with your .NET application.
The service provides persistent sessions beyond an
application restart and should be of interest to anybody
making use of session variables / storage within their
Why do I need Session State ?
All DotNetted customer accounts / web sites run in
their own unique IIS application for maximum security
and reliability - each runs within it's own memory
space and worker process such that the failure of
one application won't affect others running on the
The drawback of this is that the amount of memory
in use on our web servers is many times that of a
traditional 'shared' application server and as such
we have to set a limit on the maximum amount of system
memory each customer account / web site is able to
If / when this limit is reached (many sites never
reach this point) the application worker process is
recycled, this is effectively a restart of that individual
web site which frees up the memory in use and the
cycle starts again. The recycle is seamless and not
noticeable to a visitor to your site.
The problem with application recycling is that any
information currently stored in sessions (using the
default 'InProc' session setting) under that application
will also be lost when the worker process recycles
as this information is stored in the applications
memory which is cleared by the recycle.
The Session State service allows you to change the
setting for your .NET application to instead store
session information in a separate Windows process
outside of the application, this has 2 benefits.
1) The session information will survive an application
restart so should a restart occur whilst you have
a visitor on your site using session variables they
can carry on with their session with no data lost.
2) Since the majority of most applications memory
footprint is in fact session information the individual
memory use of most applications should drop substantially
meaning less likelihood of an application recycle.
Implementing The Service
To change your application from the default In Process
session storage to the State Server service you need
to add / modify your web.config file to include the
Note that the timeout is 20 minutes by default though
this can be changed - please DO
NOT set excessively long timeout values as
this will have the effect of storing large amounts
of data on the State Server service and may affect
the use of the service by all accounts on the server.
Timeouts should NOT be
set in hours - if your users are away from the application
for that length of time make them log back in.
Abuse Of The Session State Service
The State Server service is by it's very definition
open to abuse by users either storing huge amounts
of unnecessary information within sessions or settings
excessively long session timeouts ( like 24 hours
as we have seen in the past ! ).
We would ask that you be sensible in your use of
this service so that it remains viable and usable
for all, accounts found to be abusing the service
will have it withdrawn.
Additional Information On Session
There is an excellent article covering the types
and uses of session in ASP.NET at the following URL