Importance
*********
HTTP is stateless, means that the web pages don’t know if the requests are
from the same client and pages are recreated and destroyed every trip to the
server. Therefore, state management is important for web applications.
Methods
*******
All data that needs to be available to the application across different requests
within the same session is called session state or session state data. For
storing such data between requests, there are in general two possibilities:
· Sending the state information back to the client. With the next
request the current state is transmitted to the server again.
· Keeping the necessary data structures on the server. No session
data (except the referencing identifier) is transmitted to the client.
Drawbacks of managing state information in client
**************************************
· Sending the session state data back to the client is generally not
recommended. From a security perspective, the main problem is
that the session state can easily be manipulated on the client side if
it is not protected appropriately.
· In scenarios where session state information must be transmitted
back to the client, it is generally possible to sign all transmitted
session state information in order to prevent changes on the client
side. When the server receives session state information within
requests from the client, it can check the signature in order to verify
that the data was not altered.
· A functional drawback is that the size of the information that can be
stored by round-tripping it to the client side is limited through the
available bandwidth. For session state data that consists of only a
few bytes this does not matter. However, in scenarios with larger
session state data structures, re-transmitting them with each request
becomes impractical.
State management in server
*********************
Keeping the session state strictly on the server is the recommended solution.
· Session state is stored in the server RAM.
· Session state is serialized and written to a persistent storage.
· Storing mechanism for session is irrelevant from a session
management security point of view.
· Ensure that the session state information is sufficiently protected
against illegal access on the server side.
Session IDs
*********
Typically, the process of managing the state of a web-based client is through
the use of session IDs. Session IDs are used by the application to uniquely
identify a client browser, while background (server-side) processes are used
to associate the session ID with the existing state of the user. Session state
management is a key element of Web application design. ASP.NET contains
a session state support service that is flexible and scalable.
REGARDS
PRADEEP Y
|
| Author: Gaurav Arora 30 Jan 2009 | Member Level: Diamond Points : 2 |
State Managment
The State or Cache Management is nothing but the way to storing the data in Client-Side and in Server-Side using preity small memory.
There are two major category of the above :
Server-Side State Management
Session State: Its nothing but defined as a period of time shared between the web application and user. Every user has individual session. Items/Objects can be placed into the Session which would only define these object for that user. Session contains key variables which help to identify the related values. This can be thought of as a hash table. Each user would represent a different key node in the hash identifying unique values. The Session variables will be clear by the application which can clear it, as well as through the timeout property in the web config file. Usually the timeout is 20 minutes by default.
Session Variables are stored on the server, can hold any type of data including references, they are similar to global variables in a windows application and use HTTP cookies to store a key with which to locate user's session variables.
The collection of session variables is indexed by the name of the variable or by an integer index. Session variables are created by referring to the session variable by name. You do not have to declare a session variable or explicitly add it to the collection.
Lets get it cleared from following example:
Session[“firstName”] = “Gaurav” //User’s first name
Session[“lastName”] = “Arora” //User’s last name
// Clear the session variable
Session[“FirstName”] = null;
//Clear all Session variables
Session.Abandon();
InProc—Stores Session state in the same process as the ASP.NET process [aspnet_wp.exe].
StateServer—Stores Session state in a Windows NT process, which is distinct from the ASP.NET process[aspnet_state.exe].
SQLServer—Stores Session state in a SQL Server database.
Both in StateServer and SQLServer options, we need to ensure that the objects we cache are serializable as data storages are out-of-process systems. Both these options have impact on the application performance as data retrieval and saving operations take more time when compared to the InProc option. So based on our application requirement we should choose the option that best suits our requirement.
Note:
By default, ASP.NET session state is enabled for all ASP.NET applications.
|
| Author: Miss Meetu Choudhary 11 Feb 2009 | Member Level: Diamond Points : 2 |
State Management is defined as the management of the state of one or more user interface controls such as textboxes, buttons, etc in a Graphical User Interface. In UI programming technique, the state of UI control depends on the state of other UI controls. For example, a state managed UI control such as a command button will be in its enabled state when input fields or the text fields have valid values and the button will be in the disabled state if the input fields are empty or have invalid values.
In ASP.NET applications, hosted in a web server are accessed over the stateless HTTP protocol. As such, if the application uses state full interaction, it has to implement state management on its own. ASP.NET provides various functionality for state management in ASP.NET applications.
Some of them are
Application state
A collection of user-defined variables which are shared by an ASP.NET application are termed as Application state. When the Application_OnStart event fires at the time of loading of the first instance of the applications these variables are set and initialized and are available till the last instance of the application exits. To access the Application state variables the Applications collection is used, which provides a wrapper for the application state variables.
Session state
A collection of user-defined session variables are termed as Session state, which are persevered during a user session. These variables are accessed using a Session Collection. These variables have a unique instance to different instances of a user session for the application. Session variables can be set to automatically destroyed after a definite period of inactive time, irrespective of the session state whether session ends or not. At the client side, a user session is identified either by a cookie or by encoding the session ID in the URL.
ASP.NET supports three modes of persistence for session variables:
In Process Mode
These session variables are maintained within the process of ASP.NET Applications. This is the fastest way, however, in this mode the variables are destroyed when the process is recycled or shut down. This mode is not recommended for critical applications as the application is recycled from time to time.
ASPState Mode
In this mode, A separate Windows service is run by ASP.NET, Which maintains the state variables. This has a negative impact on performance as the state management happens outside the ASP.NET process,on the other hand it allows multiple ASP.NET instances to share the same server state, thus allowing an ASP.NET application to be load-balanced and scaled out on multiple servers.As state management service runs independent from ASP.NET, variables can persist across ASP.NET process shutdowns.
SqlServer Mode
In this mode, the state variables are stored in a database, which are accessible using SQL or SQL Queries. Variables can be persisted across ASP.NET process shutdowns. The advantage of SqlServer mode is it allows the application to balance load on a server cluster while sharing sessions between servers.
View state
Mechanism to manage the state at the page-level is refereed as View state, that is utilized by the HTML pages by ASP.NET applications to maintain the state of the web form controls. The encoded state of the controls are sent to the server at time of form submission in a hidden field known as __VIEWSTATE. The server returns the value back of the variable so that when the page is re-rendered, the controls render at their last state.
Other
Other means of state management that are supported by ASP.NET are cookies, caching, and using the query string.
|