Session State in web

List of Attributes Used to Maintain Session State in web.config file

Configuration settings required for your entire C# or ASP.NET application can be recorded in a single configuration file called web.config. This file includes many settings like authentication, authorization, custom errors and many others. In this article, you are going to analyze <sessionState> section present in <system.web> section of web.config file.

Before getting into <sessionState> section, you have to understand the purpose of sessions in .NET application. Assume that your application has many inter-related pages. User is feeding in details on a page and proceeding with the next page. After doing few other set of transactions, User revisits the page which was visited earlier. What will the User expect? User will expect the data entered at the earlier point of time to be retained. How do you maintain such User specific state and data? There are three ways of maintaining User specific state. They are session state, view state, cookie state. Most reliable, flexible and efficient approach among these three is the session state.

When User starts interacting with your application, unique session id will be generated. All the data accessed by the User will be recorded in the session and it can be fetched at any point of time. Session will be active until the User interacts with the application and in addition, a timeout period can also be set.

You can configure session state related information in web.config file using <sessionState> section. This section contains the following attributes:

Attribute Name

Purpose of Attribute

Eligible Values and Constraints mode

To mention where the session state has to be stored

* InProc

* StateServer

* SQLServer

* Custom

* Off


Determine whether to pass the sessionId using cookies or using URL mangling.

* true

* false


This attribute specifies the session timeout value in minutes. Default timeout value of a session is 20 minutes. This value is a sliding value. Assume that you define timeout as 30 minutes. When you make a request, the timeout value will be 30 + current time and it will decrement from that value for every minute. When another request comes from the same User, the timeout value will be changed again. Hence the session remains active till the User interacts with the application. Even after that, the session remains active till the timeout period expires.

Any integer value representing timeout in minutes.


Used only when the mode is set to StateServer. It mentions the connection string through which you can connect to state service.

Valid Connection String containing Server Name and Port Number.


This attribute is used only when the mode is SQLServer. It refers to the connection string for the SQL Server database in which sessions have to be stored.

Valid Connection String connecting to SQL Server database.


This attribute is used only when the mode is set to Custom. This attribute refers to the custom provider instance in which the session data has to be recorded.

Valid provider that is mentioned in the <providers> sub element.


This is a sub-element of sessionState. It specifies the provider information that has to be used when custom is the mode.

Name of the Provider should be same as the name specified in <customProvider> tag.


Please be aware that the free essay that you were just reading was not written by us. This essay, and all of the others available to view on the website, were provided to us by students in exchange for services that we offer. This relationship helps our students to get an even better deal while also contributing to the biggest free essay resource in the UK!