ASP.NET State Management

Published on Wednesday, August 10, 2011

HTTP protocol is a stateless protocol. So ASP.NET need to manage the state. ASP.NET comes with built-in supports for state management both at the server and client side.

Server Side State Management

State information can be managed using Application, Session or Cache objects;

Application Object:

Application object can store the information for all users who are using the application.


private static readonly Object lockObj = new Object();

protect void Page_Load(object sender, EventArgs e) 
       Application["GlobalString"] = "This is Globlal String"; 

Session Object:

Session activate during the connectivity between a client and a server application. Session object is used to store user-specific data;

You can use cookies or cookieless session.

SessionID is stored inside cookies if you use cookies for session, otherwise, SessionID is embedded in the URL itself.

    <sessionState cookieless="false" /> 

Session State Storage Modes:

There are 3 storage modes: InProc, State Server and SQL Server storage modes (we call State Server and SQL Server mode are OutProc mode also).


Session Data is stored in ASP.NET worker process, it is the fastest mode. but if data is large, the performace will be affected a lot.

State Server:

Using a stand-alone Microsoft Windows service (independent of IIS). the session state is serialized and stored in memory in a separate process managed by aspnet_state.exe file.
State Server can be on a different system.

If you want to use state server, you should set in web.config file.

Using SQL Server

Session data is serialized and stored in a database table in SQL Server DB.
To use SQL Server mode, execute the InstallSQLState.sql file, the file located at System drive\Windows Directory\Microsoft.NET\Framework\Version,

How to choose:

If site runs on a single server, better choose the InProce mode; if web farms are using, the OutProc mode is better;

Session config:

  <sessionState mode="Inproc" cookieless = "false" timeout="20" /> 

Enable / Disable Session State:

For a page:  In Page directive

<%@ Page EnableSessionState="False" %>

For an Application:

<pages enableSessionState="false" /> 

Cache Object:

Storing frequently used but relatively stale data in main memory using cache object;

Client Side State Management

There are 4 kinds of Client State Management: ViewState, Hidden Fields, Query Strings, Cookies;

ViewState: ViewStaet is used to maintain the state of an ASP.NET paeg as it moves back and forth. ViewState does not hold the page’s control; rather, it holds the control IDs and their corresponding values that would otherwise have been lost due to a postback to the web server. So, ViewState represents the state of a page when it was last processed on the web server.

(above content is a note of reading book: ASP.NET 4.0 Programming by Joydip Kanjilal)