Microsoft Dot Net Master

Microsoft Dot Net Master
Microsoft Dot Net Master

Thursday, February 7, 2013

Maximum Limit for Session Timeout


Session variables are something which can hold the information between pages.
In layman term, lets assume that you want to display the username or login name of the user who is visiting your site on all pages. One of the method to do is to use Session variables. Once the user logs into your site you need to save his display name on to a session variable. As session variables would be available in all your pages within your application you can use that variable to display their name anywhere as per your UI design.

In .NET there are 3 modes of storing your session. They are:

1. InProc
2. StateServer
3. SQL Server

* InProc -- Its in-memory storage. Performance wise this is the fastest out of the 3 modes. But if this application crashes or server crashes all the session data would be lost. Similarly if you application is going to hosted in a webfarm scenario then InProc won't work.

* StateServer -- Would come in handy when we think about WebFarm scenarios. We would be having dedicated server which would handle this session states alone. This will be slightly slower when compared with InProc as application needs to talk to a different server all together to fetch the session values. We have a slight advantage that even if your application server crashes or your application crashes your session data's would be safe. Obviously if the StateServer itself crashes then data would also be lost.

* SQLServer State -- Would come in handy when we think about WebFarm scenarios. This would be the slowest of the 3 modes. But this is the safest bet if you are more concerned about the session data security. As you could replicate this Database and keep a mirror copy of it always updated. We can load balance the database and see to it that even if one DB is down we can up the replicated DB and so our Session data's are safe. Obviously this advantage comes at the cost of performance.

Now comes the question how long this value can exist? By default, in ASP.NET its 20 minutes.
As you all know, we can set the session timeout for an application in our web.config itself. But if you were thinking that 90 minutes is the maximum limit we can set for it, then you are wrong. The maximum limit for session timeout is 525,600 minutes -- i.e., 365 days x 24 hours x 60 min. Yep you are right .. its valid for one year.Code: 
In web.config for the sessionState element we would set it like this. sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" 
sqlConnectionString="data source=127.0.0.1;user id=sa;password=" 
cookieless="false" 
timeout="525600"

No comments:

Post a Comment