Wednesday, July 27, 2016

Using a SQL Server database as an ASP.NET session store

Whenever possible I prefer a stateless design, but sometimes using some session state can make your life so much easier. And we like easy right? This week I had to upgrade some old ASP.NET MVC applications to be able to move them to Azure. The only thing I had to do was to reconfigure the session state(which was in memory) to a persistent store(SQL Server in this case).

As it was a long time ago, I didn’t remember the involved steps. So here is a quick summary:

  • Open a Visual Studio Developer Command Prompt
  • Execute the following command:
    • C:\Program Files (x86)\Microsoft Visual Studio 11.0>aspnet_regsql -sstype c -ssadd –d <databasename>–S <servername>-U <userid> -P <password>
    • In our case we wanted to use a separate database(and not TempDB which is the default), so therefore we had to specify some extra parameters.
  • Update your web.config
    • <sessionstate mode="SQLServer" timeout="20" allowcustomsqldatabase="true" sqlconnectionstring="Data Source=<servername>;Initial Catalog=<databasename>; User ID=<UserID>;Password=<Password>;" cookieless="false">
  • That’s it!

For more information, have a look at https://msdn.microsoft.com/en-us/library/ms229862.aspx.

Some extra steps are required to make it work for multiple servers:

  • Have same application path on all web servers.
  • Use same machine key on all web servers. Machine key is used for encryption/decryption of session cookies. If machine keys are different, one server can't decrypt session cookie saved by other servers, so sessions could not be read.

Remark: You can also use the SQL Server In Memory OLTP instead of a ‘normal’ database. More information: https://www.sitepoint.com/sql-server-in-memory-oltp-as-asp-net-session-state-provider/

No comments: