3

Our ASP.NET app sends multiple Ajax requests in parallel on the same session. We also read/write to HttpSessionState during some of those requests. What I WANT is for all the concurrent requests to execute in parallel for performance reasons. What I get is they are serialized by ASP.NET. I experimented with configuring enableSessionState="ReadOnly", but this breaks our Forms Authentication.

Is there a way to get both session state AND concurrency in one session? Do I need to use a custom SessionState or Provider? Any samples of this out there?

PS I'm not worried about thread safety when accessing the SessionState - I can do that programmatically.

StuartLC
  • 104,537
  • 17
  • 209
  • 285
Nachiket
  • 511
  • 5
  • 13

1 Answers1

2

From MSDN (link):

However, if two concurrent requests are made for the same session (by using the same SessionID value), the first request gets exclusive access to the session information. The second request executes only after the first request is finished.

So at least for those AJAX calls that require write access to the Session you are out of luck with the default providers.

Not sure if you could get around this using a custom provider.

You can achieve parallell execution for those AJAX calls that do not need access to the session by blocking the ASP.NET_SessionId cookie in an HttpModule. See my answer to this question.

Edit: In order to make this answer more self reliant, I add a slightly modified version of the HttpModule and a bit of discussion (further down). Here's the module code that you can use to prevent Session state from serializing your Ajax calls:

using System; 
using System.Web; 

namespace TestModule 
{ 
    public class TestPreventCookie : IHttpModule 
    { 
        public void Dispose() 
        { 
        } 
        public void Init(HttpApplication application) 
        { 
            application.BeginRequest += 
                (new EventHandler(this.Application_BeginRequest)); 
            application.PostAcquireRequestState += 
                (new EventHandler(this.Application_PostAcquireRequestState)); 

        } 
        private void Application_BeginRequest(Object source, EventArgs e) 
        { 
            //prevent session cookie from reaching the service 
            HttpApplication application = (HttpApplication)source; 
            HttpContext context = application.Context; 
            if (BlockCookie(context)) 
            { 
                context.Request.Cookies.Remove("ASP.NET_SessionId"); 
            } 
        } 
        private void Application_PostAcquireRequestState(Object source, EventArgs e) 
        { 
            HttpApplication application = (HttpApplication)source; 
            HttpContext context = application.Context; 
            if (BlockCookie(context)) 
            { 
                var s = context.Session; 
                if (s != null) 
                    s.Abandon(); 
            } 
        }
        private bool BlockCookie(HttpContext context)
        {
            // put code here that determines if the session cookie should be blocked
            // this could be based on the path of the current request for instance
            // only block the cookie when you *know* that access to the Session is not needed
        }
    } 
}

The idea behind this module is that using some criteria based on the project requirements, we remove the ASP.NET_SessionId cookie from the current context (note, we don't expire it on the client).

This means that further on in the request pipeline, the server will create a new session. In order to prevent this newly created session from destroying the existing ASP.NET_SessionId cookie on the client, we abandon it immediately after it has been created.

The end result is that each request that is "intercepted" by the module will execute as if it had no session.

Community
  • 1
  • 1
user1429080
  • 9,086
  • 4
  • 31
  • 54