|
|
"Whether you think you can or whether you think you can't, you're right!"
|
|
--
Henry Ford
|
|
Out of the box, ASP.NET has three options for maintaining session state (all
are done through an HTTP module). The default is InProc (the session data is
stored in the processes' memory space), the other two are State Server and SQL
Server. Each has strengths and weaknesses that cater to various web
environments.
The StructureTooBig.StateManager classes offer a fourth way to manage state in
a web application. Here are some advantages and disadvantages of each:
|
InProc |
| Advantages |
• Fast. Adding/retrieving objects is a boxing/unboxing operation of the object
-- this is by far the fastest method.
• Flexible. Any type can be added into the Session collection since all types
are objects; the other methods require serialization.
|
| Disdvantages |
• Single server only. It's impossible to share session data across multiple
servers in a farm, so it's generally not feasible in multiple server
situations.
• State is tied to the process. If IIS is restarted or the worker process
recycles, session state is lost. This may happen somewhat frequently depending
on the environment.
|
|
State Server |
| Advantages |
• State is not tied to IIS or the worker process. Resets or recycles will not
cause session state to be lost.
• The state server can generally be any server in the network, so it can
support several web servers.
|
| Disdvantages |
• All objects stored in state must be serializable.
• Not as performant as InProc.
• Requires a state server (often a stand alone server); increases dependencies
and points of failure.
• Doesn't scale for large websites that are geographically load balanced.
|
|
SQL Server |
| Advantages |
• State is not tied to IIS or the worker process. Resets or recycles will not
cause session state to be lost.
• More scalable than a State Server, able to handle a larger and more
distributed web infrastructure.
• For websites with an existing SQL Server implementation, implementing this
option may not require any additional hardware.
|
| Disdvantages |
• All objects stored in state must be serializable.
• Not as performant as InProc or a StateServer.
• Requires a SQL Server with the headroom to support a potentially large load.
• For large sites (especially geographically distributed sites) scalability is
still limited and may be complicated to maintain between farms (i.e.,
replication).
|
|
StructureTooBig State Module |
| Advantages |
• State is not tied to IIS or the worker process. Resets or recycles will not
cause session state to be lost.
• Most scalable solution -- able to handle a theoretical unlimited number of
servers. Performance remains constant from 1 to N servers.
• Requires no additional hardware to implement, generally has the lightest
resource requirements compared to the other state management methods.
• More performant than SQL state, with the potential to be considerably more
performant than other options depending on the configuration.
• Greater flexibility over session timeout, and the option to persist selected
elements indefinitely.
• Easy to add custom types -- intellisense friendly and cleaner to use.
• Can be used in conjunction with other state solutions (such as InProc and SQL
Server) to allow for implementation and mitigating scalability issues with the
other state solutions.
|
| Disdvantages |
• All objects stored in state must be serializable.
• Maximum data stored in session limited to 4k per user (max cookie size).
• Larger attack surface for sensitive data stored in session. (Integrated
encryption is available and recommended.)
• For single, dedicated IIS servers, performance of InProc and StateServer is
generally superior in the default configuration.
|
|
|