0

I am learning something about sessions recently, and so far I understand that sessions and cookies are used on sever side and client side respectively to track the states of a request. And a few threads or instances will be created on server to handle different requests, suppose there are 2 requests A and B from a same client, the session for this client was set within request A by thread 1, request B is handled by another thread thread 2, and obviously the request B can get the info from the session. This means the “sessions” is not stored on a certain thread in this case not stored on thread 1, because request B can also get info stored in “sessions”. So based on the scenario above, here comes my questions:

  1. Where really are the sessions stored ? I’m assuming somewhere that can be accessed by all threads or instances.
  2. What’s the relationship between the “session inventory” and the Application Pool (I am referring to IIS and .Net here)
  3. If I shut down the server and start it again, are all sessions gone ? What techniques are needed if we want to persist the sessions ?
Fan Gao
  • 13
  • 3
  • @Nico There was good information in the answer and some not so good or incorrect. It is very easy to provide more answer than needed and turn a good answer into a bad answer. It is all to easy to "To snatch defeat from the jaws of victory." – zaph Dec 25 '17 at 15:30
  • does this help: https://stackoverflow.com/questions/3804209/what-are-sessions-how-do-they-work – muratgu Dec 25 '17 at 18:52

2 Answers2

0

  1. Session data can be in-memory (on the server), or external. See this for details and options: https://msdn.microsoft.com/en-us/library/h6bb9cz9(VS.71).aspx. Note that it's also possible to customize that mechanism, so that the storage can be totally proprietary.

  2. I never heard of anything called "session inventory". If you relate this to ASP.NET's session management, it's got little to do with IIS application pools. Application pool is what manages your application, while it's running within IIS. Some more information you can find here: https://learn.microsoft.com/en-us/iis/configuration/system.applicationhost/applicationpools/

  3. If your application is configured to store session data in memory (which is the default), then, when application restarts, all that data is gone (and users previously issued those session-id's won't be recognized after restart). So, to solve that problem, we typically like to use external session storage. Session-state server is a good option, or the database. It's easy to configure. See this for steps: https://msdn.microsoft.com/en-us/library/ms178586.aspx

Hari Lubovac
  • 106
  • 4
0

Short to the point! (I presume you are talking about Native session. Neither session-state server not database-session)

  1. Sessions are stored in Web Server memory.
  2. Let me explain with example. Obvious that your website need to be hosted in IIS. How if you want to host 3 websites which have .net 2.0, 3.5 and 4? That is where application pool comes. Install those .net 3 different version to IIS. Create 3 different application pools with .net 2.0, 3.5 and 4 respectively and set your 3 websites correctly. Note that same application pool can be shared with multiple websites.
  3. All sessions will be gone not only shutdown server but also IIS restarted. If you need persist sessions, use session-state server or database-session manager.
Mike
  • 721
  • 7
  • 13