ASP.NET Session Management [Example]
โก Smart Summary
ASP.NET Session Management lets a stateless HTTP application remember user data across requests. It explains ViewState, the Session object for storing key-value pairs, a working example, session state modes, timeout configuration, and the advantages of session state.
ASP.NET Session Management
The HTTP protocol on which all web applications work is a stateless protocol. By stateless, it just means that information is not retained from one request to another.
For instance, if you had a login page which has 2 textboxes, one for the name and the other for the password. When you click the Login button on that page, the application needs to ensure that the username and password get passed onto the next page.
In ASP.Net, this is done in a variety of ways. The first way is via a concept called ViewState. This is where ASP.Net automatically stores the contents of all the controls. It also ensures this is passed onto the next page. This is done via a property called the ViewState.
It is not ideal for a developer to change anything in the view state. This is because it should be handled by ASP.Net only.
ASP.NET Session object
The other way is to use an object called a “Session Object.” The Session object is available throughout the lifecycle of the application. You can store any number of key-value pairs in the Session object. So on any page, you can store a value in the Session object via the below line of code.
Session["Key"] = value
This stores the value in a Session object, and the ‘key’ part is used to give the value a name. This allows the value to be retrieved at a later point in time. To retrieve a value, you can simply issue the below statement.
Session["Key"]
ASP.NET Session object Example
In our example, we are going to use the Session object to store the name entered in the name textbox field on the page. We are then going to retrieve that value and display it on the page accordingly. Let’s add the below code to the Demo.aspx.cs file.
protected void btnSubmit_Click(object sender, EventArgs e) { Session["Name"] = txtName.Text; Response.Write(Session["Name"]); lblName.Visible = false; txtName.Visible = false; lstLocation.Visible = false; chkC.Visible = false; chkASP.Visible = false; rdMale.Visible = false; rdFemale.Visible = false; btnSubmit.Visible = false; }
Code Explanation:-
- The first line of code takes the value of the Name textbox control and stores it in the Session object. By specifying the code of Session[“Name”], we are giving the property a name called “Name.” By specifying a name for the property, it becomes easier to retrieve it at a later point in time.
- The next line of code retrieves the stored value from the Session object. It then writes this value via the ‘Response.Write’ method back to the client.
- Finally, we make all the controls on the form invisible. If we don’t do this, all the controls plus our response values will be displayed together.
Once you make the above changes, you will see the following output.
Output:
From the output, you can see that the Session value of name was retrieved and displayed in the browser.
ASP.NET Session State Modes
ASP.NET can store session data in several places, called session state modes. The mode you choose affects performance, scalability, and whether data survives an application restart. The table below compares them:
| Mode | Where state is stored | Best for |
|---|---|---|
| InProc | In the web server’s memory (default) | Single-server apps; fastest, but lost on restart |
| StateServer | A separate ASP.NET State Service process | Web farms; survives application restarts |
| SQLServer | A SQL Server database | Web farms needing durable, scalable state |
| Custom | A custom provider you implement | Specialized stores such as Redis |
| Off | Session state disabled | Applications that do not need sessions |
InProc is the default and the fastest, but for load-balanced deployments, StateServer or SQLServer keeps sessions available across multiple servers.
How to Configure Session Timeout in ASP.NET
A session does not last forever; it expires after a period of inactivity. You can set this timeout in the web.config file using the sessionState element, where the timeout value is in minutes:
<configuration> <system.web> <sessionState mode="InProc" timeout="20" /> </system.web> </configuration>
You can also set it in code with Session.Timeout = 30;. The default timeout is 20 minutes. Choosing a shorter timeout frees server memory faster and improves security, while a longer timeout keeps users logged in for longer.
Advantages and Disadvantages of Session State
Session state is convenient, but it has trade-offs you should weigh before relying on it heavily.
Advantages:
- Simple to use for storing per-user data such as a shopping cart or login details.
- Can store complex objects, not just strings.
- Data is kept on the server, so it is more secure than client-side storage.
Disadvantages:
- InProc mode consumes server memory and does not scale across a web farm.
- Session data is lost when the session times out or the application restarts (in InProc mode).
- Storing large amounts of data per user can hurt performance under heavy load.



