Export (0) Print
Expand All

HttpSessionState Class

Provides access to session-state values as well as session-level settings and lifetime management methods.

System.Object
  System.Web.SessionState.HttpSessionState

Namespace:  System.Web.SessionState
Assembly:  System.Web (in System.Web.dll)

public sealed class HttpSessionState : ICollection, 
	IEnumerable

The HttpSessionState type exposes the following members.

  NameDescription
Public propertyCodePageGets or sets the character-set identifier for the current session.
Public propertyContentsGets a reference to the current session-state object.
Public propertyCookieModeGets a value that indicates whether the application is configured for cookieless sessions.
Public propertyCountGets the number of items in the session-state collection.
Public propertyIsCookielessGets a value indicating whether the session ID is embedded in the URL or stored in an HTTP cookie.
Public propertyIsNewSessionGets a value indicating whether the session was created with the current request.
Public propertyIsReadOnlyGets a value indicating whether the session is read-only.
Public propertyIsSynchronizedGets a value indicating whether access to the collection of session-state values is synchronized (thread safe).
Public propertyItem[Int32]Gets or sets a session value by numerical index.
Public propertyItem[String]Gets or sets a session value by name.
Public propertyKeysGets a collection of the keys for all values stored in the session-state collection.
Public propertyLCIDGets or sets the locale identifier (LCID) of the current session.
Public propertyModeGets the current session-state mode.
Public propertySessionIDGets the unique identifier for the session.
Public propertyStaticObjectsGets a collection of objects declared by <object Runat="Server" Scope="Session"/> tags within the ASP.NET application file Global.asax.
Public propertySyncRootGets an object that can be used to synchronize access to the collection of session-state values.
Public propertyTimeoutGets and sets the amount of time, in minutes, allowed between requests before the session-state provider terminates the session.
Top

  NameDescription
Public methodAbandonCancels the current session.
Public methodAddAdds a new item to the session-state collection.
Public methodClearRemoves all keys and values from the session-state collection.
Public methodCopyToCopies the collection of session-state values to a one-dimensional array, starting at the specified index in the array.
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Public methodGetEnumeratorReturns an enumerator that can be used to read all the session-state variable names in the current session.
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodRemoveDeletes an item from the session-state collection.
Public methodRemoveAllRemoves all keys and values from the session-state collection.
Public methodRemoveAtDeletes an item at a specified index from the session-state collection.
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Top

  NameDescription
Public Extension MethodAsParallelEnables parallelization of a query. (Defined by ParallelEnumerable.)
Public Extension MethodAsQueryableConverts an IEnumerable to an IQueryable. (Defined by Queryable.)
Public Extension MethodCast<TResult>Casts the elements of an IEnumerable to the specified type. (Defined by Enumerable.)
Public Extension MethodOfType<TResult>Filters the elements of an IEnumerable based on a specified type. (Defined by Enumerable.)
Top

ASP.NET provides session-state management to enable you to store information associated with a unique browser session across multiple requests. You can store a collection of values referenced by a key name or by numerical index. Access to session values and functionality is available using the HttpSessionState class, which is accessible through the Session property of the current HttpContext, or the Session property of the Page.

Session data is associated with a specific browser session using a unique identifier. By default, this identifier is stored in a non-expiring session cookie in the browser, but you can also configure your application to store the session identifier in the URL by setting the cookieless attribute to true or UseUri in the sessionState element of your application configuration. You can have ASP.NET determine whether cookies are supported by the browser by specifying a value of UseDeviceProfile for the cookieless attribute. You can also have ASP.NET determine whether cookies are enabled for the browser by specifying a value of AutoDetect for the cookieless attribute. If cookies are supported when UseDeviceProfile is specified, or enabled when AutoDetect is specified, then the session identifier will be stored in a cookie; otherwise the session identifier will be stored in the URL.

Sessions are started during the first request and session values will persist as long as a new request is made by the browser before the number of minutes specified in the Timeout property pass. When a new session begins, the session Start event is raised. You can use this event to perform any additional work at the start of a session, such as setting default session values. When a session times out, the Abandon method is called, or the ASP.NET application is shut down, the session End event is raised. You can use this event to perform any necessary cleanup. The End event is raised only when the session state mode is set to InProc.

To improve performance, sessions that use cookies do not allocate session storage until data is actually stored in the Session object. For more information, see the SessionID property.

Session state does not persist across ASP.NET application boundaries. If a browser navigates to another application, the session information is not available to the new application.

Session values are stored in memory on the Web server, by default. You can also store session values in a SQL Server database, an ASP.NET state server, or a custom server. This enables you to preserve session values in cases where the ASP.NET or IIS process or the ASP.NET application restarts and to make session values available across all the servers in a Web farm. This behavior is configured by setting the mode attribute to a valid SessionStateMode value in the sessionState element of your application configuration. For more information, see Session-State Modes.

Alternatives to session state include application state (see the Application property) and the ASP.NET cache (see the System.Web.Caching namespace), which store variables that can be accessed by all users of an ASP.NET application; the ASP.NET profile (see the System.Web.Profile namespace), which persists user values in a data store without expiring them using a time-out; ASP.NET System.Web.UI.WebControls, which persist control values in the ViewState; Cookies; the QueryString property; and fields on an HTML form that are available from an HTTP POST using the Form collection. For more details on the differences between session state and other state-management alternatives, see ASP.NET State Management Recommendations.

TopicLocation
How to: Read Values from Session StateBuilding ASP .NET Web Applications
How to: Sample Session-State Store ProviderBuilding ASP .NET Web Applications
How to: Save Values in Session StateBuilding ASP .NET Web Applications
How to: Read Values from Session StateBuilding ASP .NET Web Applications
How to: Sample Session-State Store ProviderBuilding ASP .NET Web Applications
How to: Save Values in Session StateBuilding ASP .NET Web Applications

The following code example sets and retrieves values from session state.

Security noteSecurity Note

This example has a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Collections" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
  public void Page_Load(object sender, EventArgs args)
  {
    if (!IsPostBack)
    {
      if (Session["address"] == null)
      {
        enterUserInfoPanel.Visible = true;
        userInfoPanel.Visible = false;
      }
      else
      {
        enterUserInfoPanel.Visible = false;
        userInfoPanel.Visible = true;

        SetLabels();
      }
    }
  }

  protected void SetLabels()
  {
    firstNameLabel.Text = Session["firstName"].ToString();
    lastNameLabel.Text = Session["lastName"].ToString();
    addressLabel.Text = Session["address"].ToString();
    cityLabel.Text = Session["city"].ToString();
    stateOrProvinceLabel.Text = Session["stateOrProvince"].ToString();
    zipCodeLabel.Text = Session["zipCode"].ToString();
    countryLabel.Text = Session["country"].ToString();
  }

  protected void EnterInfoButton_OnClick(object sender, EventArgs e)
  {
    Session["firstName"] = Server.HtmlEncode(firstNameTextBox.Text);
    Session["lastName"] = Server.HtmlEncode(lastNameTextBox.Text);
    Session["address"] = Server.HtmlEncode(addressTextBox.Text);
    Session["city"] = Server.HtmlEncode(cityTextBox.Text);
    Session["stateOrProvince"] = Server.HtmlEncode(stateOrProvinceTextBox.Text);
    Session["zipCode"] = Server.HtmlEncode(zipCodeTextBox.Text);
    Session["country"] = Server.HtmlEncode(countryTextBox.Text);

    enterUserInfoPanel.Visible = false;
    userInfoPanel.Visible = true;

    SetLabels();
  }

  protected void ChangeInfoButton_OnClick(object sender, EventArgs args)
  {
    enterUserInfoPanel.Visible = true;
    userInfoPanel.Visible = true;
  }
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
  <meta http-equiv="Content-Type" content="text/html" />
  <title>User Information</title>
</head>
<body>
  <form id="form1" runat="server">
    <h3>
      User information</h3>
    <asp:Label ID="Msg" ForeColor="maroon" runat="server" /><br />
    <asp:Panel ID="enterUserInfoPanel" runat="server">
      <table cellpadding="3" border="0">
        <tr>
          <td>
            First name:</td>
          <td>
            <asp:TextBox ID="firstNameTextBox" runat="server" /></td>
        </tr>
        <tr>
          <td>
            Last name:</td>
          <td>
            <asp:TextBox ID="lastNameTextBox" runat="server" /></td>
        </tr>
        <tr>
          <td>
            Address:</td>
          <td>
            <asp:TextBox ID="addressTextBox" runat="server" /></td>
        </tr>
        <tr>
          <td>
            City:</td>
          <td>
            <asp:TextBox ID="cityTextBox" runat="server" /></td>
        </tr>
        <tr>
          <td>
            State or Province:</td>
          <td>
            <asp:TextBox ID="stateOrProvinceTextBox" runat="server" /></td>
        </tr>
        <tr>
          <td>
            Zip Code/Postal Code:</td>
          <td>
            <asp:TextBox ID="zipCodeTextBox" runat="server" /></td>
        </tr>
        <tr>
          <td>
            Country:</td>
          <td>
            <asp:TextBox ID="countryTextBox" runat="server" /></td>
        </tr>
        <tr>
          <td>
            &nbsp;</td>
          <td>
            <asp:Button ID="enterInfoButton" runat="server" Text="Enter user information" OnClick="EnterInfoButton_OnClick" /></td>
        </tr>
      </table>
    </asp:Panel>
    <asp:Panel ID="userInfoPanel" runat="server">
      <table cellpadding="3" border="0">
        <tr>
          <td>
            Name:</td>
          <td>
            <asp:Label ID="firstNameLabel" runat="server" />
            <asp:Label ID="lastNameLabel" runat="server" />
          </td>
        </tr>
        <tr>
          <td valign="top">
            address:</td>
          <td>
            <asp:Label ID="addressLabel" runat="server" /><br />
            <asp:Label ID="cityLabel" runat="server" />,
            <asp:Label ID="stateOrProvinceLabel" runat="server" />
            <asp:Label ID="zipCodeLabel" runat="server" /><br />
            <asp:Label ID="countryLabel" runat="server" />
          </td>
        </tr>
        <tr>
          <td>
            &nbsp;</td>
          <td>
            <asp:Button ID="changeInfoButton" runat="server" Text="Change user information" OnClick="ChangeInfoButton_OnClick" /></td>
        </tr>
      </table>
    </asp:Panel>
  </form>
</body>
</html>

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2014 Microsoft