Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET Session size limitation

Tags:

Is there some kind of Session size limitation or advisable value to not to surpass ?

In my web application I create a few DataTables to store user selections which are stored in session until user approves selections so I add those values to database.

The problem is that I don't know whether session is reliable enough to keep few objects in or not ?

Thanks!

more info

Session size is about 10-20KB max.

like image 295
eugeneK Avatar asked May 16 '10 09:05

eugeneK


People also ask

How big can a session variable be?

As @Thariama said, there's no limit on the number of variables; also, there's no limit on the amount of data you can store in a session (I've seen sessions tens of MB in size).

How much data can a session hold?

Session storage can also accommodate a huge amount of data. Most browsers, including Chrome and Firefox, can store about 10 MBs of data in session storage.

How long do ASP.NET sessions last?

Sessions expire after 20 minutes of inactivity by default, although you can change this behavior, as we'll show shortly. Sessions aren't magic. By default, ASP.NET uses a cookie containing a unique and random ID that it uses to look up the Session object in the ASP.NET server process.


2 Answers

Here's a few notes about Session state:

  • InProc (mode="InProc") session state is limited to the amount of memory available to the worker process. Only object references are stored, not the objects themselves.

Out of process state management serialises objects before persisting them:

  • Out of Process state management using the session state server (mode="StateServer") is limited to the amount of memory available to the state service.

  • Out of Process state management using SQL Server (mode="SQLServer") is bound only by the maximum size of the SQL image data type or the maximum permitted size of the database.

Obviously there still has to be enough memory available to the worker process to be able to pull an out of session object back into memory and re-hydrate for the duration of the http request.

As I mentioned previously, out of process state management serialises objects before persisting them.

This means that objects must be serialisable which excludes, for example, XmlDocument or anything that inherits from MarshalByRef.

Attempting to serialise objects of this sort will result in the following exception:

Unable to serialize the session state. In 'StateServer' and 'SQLServer' mode, ASP.NET will serialize the session state objects, and as a result non-serializable objects or MarshalByRef objects are not permitted. The same restriction applies if similar serialization is done by the custom session state store in 'Custom' mode.

like image 126
Kev Avatar answered Sep 19 '22 23:09

Kev


Yes, it is reliable enough. It just isn't very scalable, so plan ahead. This will totally grind to a halt when you run it on more than 1 server.
And there is sort of a limit: Number-of-concurrent-Users * SizeOf-Session < Available-Mem

It depends of course on the size of the tables, storing a few kB is usually acceptable (although high traffic sites will try to keep it smaller).

If your users can share tables, then you can place that data in the Application object, a great saving.

And a session object is limited to the TimeOut setting, default is 20 min. One way to optimize memory consumption is reducing that, but that is a trade off with user convenience.

like image 28
Henk Holterman Avatar answered Sep 16 '22 23:09

Henk Holterman