Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using Session objects in MVC, Is it really bad?

I am proposing to use a simple session object in a MVC3 to maintain state data like RecordIds rather than pass them through all the client side pages which will be a hassle. It seems far simpler to just populate the session object the once until no longer in use.

So is this acceptable practice or a cheat??

Many thanks.

like image 356
SamJolly Avatar asked Apr 08 '13 11:04

SamJolly


People also ask

Can we use session in MVC?

By default, Asp.Net MVC support session state. Session is used to store data values across requests. Whether you store some data values with in the session or not Asp.Net MVC must manage the session state for all the controllers in your application that is time consuming.

Is it necessary to create session object?

For external applications, you must create a Session object, if you do not have an Entity object. If you want to use the AdminSession object, the same rule applies.

Are session variables bad?

Session variables are a necessary evil in most ASP. NET MVC applications. They are 'necessary' because: http is a stateless protocol but websites cannot be realistically stateless.

What are the main disadvantages of using session in a web application?

Disadvantages: 1. Performance overhead in case of large number of user, because of session data stored in server memory. 2. Overhead involved in serializing and De-Serializing session data because in case of StateServer and SQLServer session mode we need to serialize the object before store.


2 Answers

Like everything in developer's life, using session is a trade-off, and a IMHO it is usually a bad one.

Session state not only causes load on server that tends to grow and creates scalability barrier (both problems can be - partially - solved with storing session variables with state server or sql server), it has a by-design quirk that not everybody is aware of: It maintains a read-write lock on the session. (http://msdn.microsoft.com/en-us/library/ms178581(v=vs.100).aspx)

This means that by default, no two concurrent request can be made by the same user. This behavior is asp.net related (not just asp.net MVC), however since asp.net MVC really encourages you to go down the ajax road, you will see this problem much more often).

You can bypass these problems by smartly using readonly session state or selectively disabling it, but from my experience that creates development overhead, since that attribute can only be declared on class scope, and not for specific action methods, which leads you to break apart logical units that would normally lie together.

In conclusion, your honor, asp.net session state default behavior is problematic. Avoid using it if possible.

like image 105
motime Avatar answered Oct 13 '22 20:10

motime


There's nothing wrong with using Session objects. Generally people avoid them to reduce the load on the server; but if you're careful and don't try to put lots of data in there and don't have too many (how many is too many depends on your server) then it is an acceptable practice.

For some info on the potential drawbacks of using sessions check out the answer to Still ok to use Session variables in ASP.NET mvc, or is there a better alternative for some things (like a cart)

like image 32
Simon Martin Avatar answered Oct 13 '22 18:10

Simon Martin