Search code examples
asp.netsession-state

In a multi web server farm, how does session state work?

CASE 1: StateServer

<system.web>
   <sessionState     mode="StateServer"     stateConnectionString="tcpip=127.0.0.1:42626"     sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"     cookieless="false"     timeout="20"   />
 ... 
</system.web>

CASE 2: SQL Server

<sessionState   mode="SQLServer"   stateConnectionString="tcpip=127.0.0.1:42626"   sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"   cookieless="false"   timeout="20" />

Question: 1. In case 1 and 2 appropriate location of sql or state server have to be configured in web.config for each of the web server in farm.

  1. Can we have some servers configured as state and some as sql?

  2. Can we have some cookieless and some as withcookie

  3. Suppose if we use only <sessionState cookieless="true" />, then by default which of the modes is used? Can this be done in a multiserver farm, or is it necessary to specify the IP?

Solution

  • 1.) Can we have some servers configured as state and some as sql?

    No, you should not. Suppose when a user makes a request, then one of the server from your Web Farm will store the session in a StateServer. now in case the same user makes another request ( by clicking some links etc...), then image what will happen if your load balancer send this request to the 2nd Web server ? There will be NO session for the same user as you configured SqlServer mode for the same and the session for the user was stored on a state server on First request.

    2.) Can we have some cookieless and some as withcookie ?

    Again NO, for a very similar understanding as pointed above. One of the server will use cookies to track the session and the other one Cookieless ( hence URI ) to track the same session and thus, if the request gets forwarded to different servers, NO session will be detected.

    3.) Suppose if we use only <sessionState cookieless="true" />, then by default which of the modes is used? Can this be done in a multiserver farm, or is it necessary to specify the IP?

    Understand that this setting: cookieless="true|false", is just used to TRACK the session for a Particular user between the Client side and server side.

    The Actual session DATA is there stored on SqlServer/State Server, which is defined in your mode settings as:

    <sessionState  mode="StateServer|SqlServer" ... />

    if you don't specify any mode setting, default value of InProc is used.

    Additional Note: The Cookie or the URI have a SessionID associated with them. SessionID is a unique string, used to TRACK individual visitor between visits to website.

    As a result of cookieless="true", SessionID will be embedded in all page URLs. The drawback is that you'll end up with ugly URLs, which are not so good for SEO (search engine optimization) and visitor definitely will not remember it. Here is an example URL of website which uses ASP.NET cookieless sessions:

    http://samplewebsite.com/(45f8c4zyybphaw2mt3dfgnjk4j)/Home.aspx

    Bolded part represents session id, which is used to recognize a visitor.