473,473 Members | 1,893 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

What's Wrong With Sessions?

I've had multiple people tell me that I should avoid using session
variables, wherever possible and suggesting using cookies and context
instead; however, nobody has been able to give me an explanation as to
why. I'm aware of the issue when using kernel cache in IIS 6.0
(http://support.microsoft.com/kb/917072), however, I'm not using output
cache right now.

I greatly prefer session variables to cookies for security reasons, so
this is really bothersome. Can somebody please offer some insight?

Thank you in advance,

--
Sean
Dec 10 '06 #1
4 1307
All session variables are stored in RAM, but using session variables is OK.

The only thing to watch for is that you don't overload your server's
memory resources by loading memory intensive data into session variables.

i.e., if you load a 5MB dataset into a session variable ( an extreme example )
and you have 1,000 visitors to your website before your default session timeout
expires, don't be too surprised if you have server memory exhaustion problems.

Otherwise, go ahead and use them without worry.

Just make sure that the total RAM used by the session variables
doesn't exceed a reasonably low percentage of your server's memory resources.

If you do, your server will recycle the application's process at the configured memory limit.

Even then, you can cushion yourself if you use SQL Server
or State Server to store your session data.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"senfo" <en**********@yahoo.comI-WANT-NO-SPAMwrote in message
news:eI**************@TK2MSFTNGP06.phx.gbl...
I've had multiple people tell me that I should avoid using session variables, wherever possible
and suggesting using cookies and context instead; however, nobody has been able to give me an
explanation as to why. I'm aware of the issue when using kernel cache in IIS 6.0
(http://support.microsoft.com/kb/917072), however, I'm not using output cache right now.

I greatly prefer session variables to cookies for security reasons, so this is really bothersome.
Can somebody please offer some insight?

Thank you in advance,

--
Sean

Dec 10 '06 #2
"senfo" <en**********@yahoo.comI-WANT-NO-SPAMwrote in message
news:eI**************@TK2MSFTNGP06.phx.gbl...
I've had multiple people tell me that I should avoid using session
variables, wherever possible and suggesting using cookies
Well, I would disagree completely and suggest you should NEVER use cookies
unless you absolutely have to...
I greatly prefer session variables to cookies for security reasons, so
this is really bothersome. Can somebody please offer some insight?
I can't really add anything to Juan's reply, other than to say that I agree
with it...
Dec 10 '06 #3
I agree with Juan. The worste side-effect is running out of memory and
having the application recycle, which basically amounts to a restart in
appearance. This can be a giant pain as there's a delay during the recycle
process that may be noticeable.

If you do need to use SessonState, you can improve the performance of the
app by disabling it on pages that don't need it. This was also true in
classic ASP.
--

Hope this helps,
Mark Fitzpatrick
Former Microsoft FrontPage MVP 199?-2006

"senfo" <en**********@yahoo.comI-WANT-NO-SPAMwrote in message
news:eI**************@TK2MSFTNGP06.phx.gbl...
I've had multiple people tell me that I should avoid using session
variables, wherever possible and suggesting using cookies and context
instead; however, nobody has been able to give me an explanation as to
why. I'm aware of the issue when using kernel cache in IIS 6.0
(http://support.microsoft.com/kb/917072), however, I'm not using output
cache right now.

I greatly prefer session variables to cookies for security reasons, so
this is really bothersome. Can somebody please offer some insight?

Thank you in advance,

--
Sean

Dec 10 '06 #4
senfo wrote:
I've had multiple people tell me that I should avoid using session
variables, wherever possible and suggesting using cookies and context
instead; however, nobody has been able to give me an explanation as to
why. I'm aware of the issue when using kernel cache in IIS 6.0
(http://support.microsoft.com/kb/917072), however, I'm not using output
cache right now.

I greatly prefer session variables to cookies for security reasons, so
this is really bothersome. Can somebody please offer some insight?
Thank you all very much for the replies. That helped to set my mind at
ease.

Just to add for future reference, I did learn about one possible
side-affect, which occurs when you're storing session variables on a
state server (this is obviously because ASP.NET has to read/write at
least once on every postback), however, the overhead can be circumvented
by, as Mark Fitzpatrick mentions, disabling session variables on pages
that don't require them. This can be done using the EnableSessionState
attribute (e.g., <%@ Page EnableSessionState="false" %>).

Reference:
http://msdn.microsoft.com/msdnmag/is...efault.aspx#S5

Thank you again,

--
Sean
Dec 11 '06 #5
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
Sessions. Argh.
by: The Plankmeister | last post by:
Hi... I'm trying my hardest to understand fully how sessions work and how best to use them. However, all I can find is information that doesn't tell me anything other than that sessions store...
Latest Bytes
13
How to differentiate multiple sessions?
by: jing_li | last post by:
Hi, you all, I am a newbee for php and I need your help. One of my coworker and I are both developing a webpage for our project using php. We have a copy of the same files in different location...
Latest Bytes
6
what to do if user forgot to log out?
by: spambox | last post by:
Hello. I have a question about handling special cases of session expiration. In a project I'm working on, the users must log out or else their profile will be left in an unusable state -- at...
Latest Bytes
0
Authoring Panel - 1 of 120 sessions at XML 2005
by: melledge | last post by:
The Reliable Source for Everything XML - XML 2005 Update XML 2005 - November 14-18 - Atlanta Hilton Hotel - Atlanta, GA www.xmlconference.org Register today and participate in IDEAlliance's...
Latest Bytes
1
What causes Application_End?
by: Philipp Schumann | last post by:
In one of my web developments, the Application_End event occurs several times while a user browses the pages. Because I make use of extensive session tracking and also provide a couple of services...
Latest Bytes
8
Using ASP.NET StateServer on another machine. So what?
by: GeekBoy | last post by:
I understand the benefit of pushing the StateServer process onto another computer to "balance" the load and take some cpu and memory usage off the web server, but how much could it possibly help?...
Latest Bytes
15
What is the maximum number of minutes for Session timeout?
by: dee | last post by:
Hi, What is the maximum number of minutes for Session timeout that I can specify in web.config? Thanks. Dee
Latest Bytes
2
Whats wrong with this security script?
by: Nosferatum | last post by:
This script is meant to limit access by sessions, using username and password from mysql db and redirect users after login according to a given value belonging to each user in the db (10,20,30,40)....
Latest Bytes
2
Sessions timeout even with activity, what am I doing wrong?
by: wickedHangover | last post by:
ok, so I have a .net form using c#. I'm using a session variable to store some data while entering items in the form since each time you hit the page it initiates a new session which equals a row in...
Latest Bytes
13
Frinavale
Sessions - How To Pass Information Between Web Pages
by: Frinavale | last post by:
One of the most fundamental topics in web design is understanding how to pass information collected on one web page to another web page. There are many different ways you could do this: Cookies,...
Latest Bytes
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Latest Bytes
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
Latest Bytes
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
1
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us