Tuesday 4 November 2014

Session state management Interview Questions

What is state management?

State management is the process by which you maintain state and page information over multiple requests for the same or different pages.

Http is stateless, what does this mean?

Stateless protocol is a communications protocol that treats each request as an independent transaction that is unrelated to any previous request so that the communication consists of independent pairs of requests and responses.

What is Session?

 We know that Http is stateless, means when we open a webpage and fill some information and then move to next page then the data which we have entered will lost.
It happed do to Http protocol stateless nature. So here session come into existence, Session provide us the way of storing data in server memory. So you can store your page data into server
memory and retrieve it back during page post backs.

What are the Advantage and disadvantage of Session?

Advantages: 

Session provides us the way of maintain user state/data.
It is very easy to implement.
One big advantage of session is that we can store any kind of object in it. : E.g. database, dataset... etc.
By using session we don't need to worry about data collesp, because it stores every client data separately.
Session is secure and transparent from the user.

Disadvantages:

Performance overhead in case of large volumes of data/user, because session data is stored in server memory.
Overhead involved in serializing and de-serializing session data, because in the case of State Server and SQLServer session modes, we need to serialize the objects before storing them.

What is Session ID in Asp.net?

 Asp.Net use 120 bit identifier to track each session. This is secure enough and can't be reverse engineered. When client communicate with server, only session id is transmitted, between them. When client request for data, ASP.NET looks on to session ID and retrieves corresponding data.

By default where the sessions ID's are stored?

By default, the unique identifier for a session is stored in a non-expiring session cookie in the browser. You can specify that session identifiers not be stored in a cookie by setting the cookieless attribute to true in the sessionState configuration element.
We can also configure our application to store it in the url by specifying a "cookieless" session
The ASP Session cookie has this format:-
ASPSESSIONIDACSSDCCC=APHELKLDMNKNIOJONJACDHFN


Where does session stored if cookie is disabled on client’s machine?

If you want to disable the use of cookies in your ASP.NET application and still make use of session state, you can configure your application to store the session identifier in the URL instead of a cookie by setting the cookieless attribute of the sessionState configuration element to true, or to UseUri, in the Web.config file for your application.
The following code example shows a Web.config file that configures session state to use cookieless session identifiers.
Code:
<configuration>
  <system.web>
    <sessionState
      cookieless="true"
      regenerateExpiredSessionId="true"
      timeout="30" />
  </system.web>
</configuration>


Can you describe all the property set in web.config under session state?
Ans:
Code:
<configuration>
  <sessionstate
      mode="inproc"
      cookieless="false"
      timeout="20"
      sqlconnectionstring="data source=127.0.0.1;user id=<user id>;password=<password>"
      server="127.0.0.1"
      port="42424"
  />
</configuration>

Mode: The mode setting supports three options: inproc, sqlserver, and stateserver. As stated earlier, ASP.NET supports two modes: in process and out of process. There are also two options for out-of-process state management: memory based (stateserver), and SQL Server based (sqlserver). We'll discuss implementing these options shortly.
Cookieless: The cookieless option for ASP.NET is configured with this simple Boolean setting.
Timeout: This option controls the length of time a session is considered valid. The session timeout is a sliding value; on each request the timeout period is set to the current time plus the timeout value
Sqlconnectionstring: The sqlconnectionstring identifies the database connection string that names the database used for mode sqlserver.
Server: In the out-of-process mode stateserver, it names the server that is running the required Windows NT service: ASPState.
Port: The port setting, which accompanies the server setting, identifies the port number that corresponds to the server setting for mode stateserver.

What are Session Events?

There are two types of session events available in ASP.NET:

Session_Start
Session_End
You can handle both these events in the global.asax file of your web application. When a new session initiates, the session_start event is raised, and the Session_End event raised when a session is abandoned or expires.

How you can disable session?

If we set session Mode="off" in web.config, session will be disabled in the application. For this, we need to configure web.config the following way:
Code:
<configuration>
  <sessionstate  Mode="off"/>
</configuration>

What are the session modes available in asp.net?

Off
InProc
StateServer(Out-Proc)
SQLServer
Custom

What is the default session modes in asp.net?

 InProc

what are the disadvantages of using InProc session mode?

Its stores session information in the current Application Domain.
So it will lose data if we restart the server.

Session_End() event is supported by which session mode only?

Session_End() event is supported by InProc mode only.

What do you understand by StateServer(Out-Proc) mode?

StateServer session mode is also called Out-Proc session mode. StateServer uses a stand-alone Windows Service which is independent of IIS and can also be run on a separate server. This session state is totally managed by aspnet_state.exe. This server may run on the same system, but it's outside of the main application domain where your web application is running. This means if you restart your ASP.NET process, your session data will still be alive.

Under StateServer(Out-Proc) mode the session state is managed by?

aspnet_state.exe

What are the advantages and disadvantages of StateServer(Out-Proc) Session mode?

 Advantages:
It keeps data separate from IIS so any issues with IIS will not hamper session data.
It is useful in web farm and web garden scenarios.
Disadvantages:
Process is slow due to serialization and de-serialization.
State Server always needs to be up and running.



Under SQLServer Session Mode where the session data store?

 In SQLServersession mode, session data is serialized and stored in A SQL Server database.

What is the big disadvantage of SqlServer Session mode?

The main disadvantage of SqlServer Session mode storage method is the overhead related with data serialization and de-serialization.

What are the advantages and disadvantages of SqlServer Session mode?

Advantages:

Session data not affected if we restart IIS.
The most reliable and secure session management.
It keeps data located centrally, is easily accessible from other applications.
Very useful in web farms and web garden scenarios.

Disadvantages:

Processing is very slow in nature.
Object serialization and de-serialization creates overhead for the application.
As the session data is handled in a different server, we have to take care of SQL Server. It should be always up and running.

6 comments: