Using Stateserver Session in ASP.NET web farm

Question

I have created an online shopping website which will be deployed on a web farm. As a result of this, I've decided to use the Stateserver Session Management provided by ASP.NET. Now, I have a login page. After the user logs in successfully I redirect him to the Catalogue page where he can subsequently add books to his shopping cart.

From what I have come to understand, the Session is stored in the form of a key-value pair. So, if I create a Session for a particular user(say his name is "abc") then I would do something like this:

Session["abc"]=tmp; //where tmp is a "List" of items that "abc" has added to the cart

Now after he is redirected to another page, how do I retrieve this session? From what I have read I would have to write:

temp=Session["abc"] 

How do I send this username to another page as a parameter. Since, this is on a web farm the client could be connected to different servers for each request and there could be multiple clients logging in at the same time. So if I create a Session for all of them with their respective usernames as the keys, how can I retrieve their sessions when they are browsing different pages?

I don't think I have understood the exact working of the Session ID, so if someone could help me with that it would be great.

Answer 1

How do I send this username to another page as a parameter.

You don't need to send it. The Session object is not part of the page response, it lives on the server side. Therefore, you may set it on page A and be able to retrieve it on page B using the same code you provided:

Session["abc"]=tmp;

And

temp=Session["abc"] 

So if I create a Session for all of them with their respective usernames as the keys, how can I retrieve their sessions when they are browsing different pages?

You may retrieve it with the same key you used to store the object in the session. As a matter of fact you may use the same key for all users. For example:

username=Session["username"] 

Note: .Net will retrieve the right instance for each object by using a unique identifier that is assigned to each user (the user's SessionId). This however, is transparent to your code.

This question lists a few gotchas when using StateServer Session

Answer 2

If you are not using sticky sessions (meaning that once a session is created, your load balancer will maintain the request always to the same box) then you need to make sure that in your web.config the OutOfProc state provider is configured to point to the IP address of the server running the ASP.NET state service -by default, it points to localhost-

Also, you need to make sure that everything you put in Session is Serializable (i.e. decorate your classes with the [Serializable] attribute)

In my experience, I've always seen sticky sessions being turned on on the load balancer as this is the simplest approach. If sticky sessions are not used, then I'd probably use SQL state provider or something else (some other product that can do de/serialization faster) to handle this.