This documentation is archived and is not being maintained.

SessionStateStoreProviderBase Class

Defines the required members of a session-state provider for a data store.


Namespace:  System.Web.SessionState
Assembly:  System.Web (in System.Web.dll)

public ref class SessionStateStoreProviderBase abstract : public ProviderBase

The SessionStateStoreProviderBase type exposes the following members.

Protected methodSessionStateStoreProviderBaseInitializes a new instance of the SessionStateStoreProviderBase class.

Public propertyDescriptionGets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs). (Inherited from ProviderBase.)
Public propertyNameGets the friendly name used to refer to the provider during configuration. (Inherited from ProviderBase.)

Public methodCreateNewStoreDataCreates a new SessionStateStoreData object to be used for the current request.
Public methodCreateUninitializedItemAdds a new session-state item to the data store.
Public methodDisposeReleases all resources used by the SessionStateStoreProviderBase implementation.
Public methodEndRequestCalled by the SessionStateModule object at the end of a request.
Public methodEquals(Object)Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetHashCodeServes as a hash function for a particular type. (Inherited from Object.)
Public methodGetItemReturns read-only session-state data from the session data store.
Public methodGetItemExclusiveReturns read-only session-state data from the session data store.
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodInitializeInitializes the provider. (Inherited from ProviderBase.)
Public methodInitializeRequestCalled by the SessionStateModule object for per-request initialization.
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodReleaseItemExclusiveReleases a lock on an item in the session data store.
Public methodRemoveItemDeletes item data from the session data store.
Public methodResetItemTimeoutUpdates the expiration date and time of an item in the session data store.
Public methodSetAndReleaseItemExclusiveUpdates the session-item information in the session-state data store with values from the current request, and clears the lock on the data.
Public methodSetItemExpireCallbackSets a reference to the SessionStateItemExpireCallback delegate for the Session_OnEnd event defined in the Global.asax file.
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)

ASP.NET session state reads and writes session data from and to a data store using a session-state store provider. A session-state store provider is a class that inherits the SessionStateStoreProviderBase abstract class and overrides its members with implementations specific to the data store. The session-state store provider is called by the SessionStateModule class during the processing of an ASP.NET page to communicate with the data store for the storage and retrieval of session variables and related session information such as the time-out value.

Session data within each ASP.NET application is stored separately for each SessionID property. ASP.NET applications do not share session data.

You can specify a custom SessionStateStoreProviderBase implementation for an ASP.NET application by setting the mode attribute of the sessionState configuration element to Custom and the customProvider attribute to the name of the custom provider, as shown in the example for this topic.

Locking Session Store Data

Because ASP.NET applications are multithreaded to support responding to concurrent requests, it is possible that concurrent requests might attempt to access the same session information. Consider a scenario where multiple frames in a frameset all access the same application. The separate requests for each frame in the frameset can be executed on the Web server concurrently on different threads. If the ASP.NET pages for each frame source access session-state variables, then you could have multiple threads accessing the session store concurrently.

To avoid data collisions at the session store and unexpected session-state behavior, the SessionStateModule and SessionStateStoreProviderBase classes include lock functionality that exclusively locks the session store item for a particular session for the duration of the execution of an ASP.NET page. Note that even if the EnableSessionState attribute is marked as ReadOnly, other ASP.NET pages in the same application might be able to write to the session store, so a request for read-only session data from the store might still end up waiting for locked data to be freed.

A lock is set on session-store data at the beginning of the request, in the call to the GetItemExclusive method. When the request completes, the lock is released during the call to the SetAndReleaseItemExclusive method.

If the SessionStateModule object encounters locked session data during the call to either the GetItemExclusive or the GetItem method, it will re-request the session data at half-second intervals until either the lock is released or the amount of time that the session data has been locked exceeds the value of the ExecutionTimeout property. If the execution time out is exceeded, the SessionStateModule object will call the ReleaseItemExclusive method to free the session-store data and request the session-store data at that time.

Because locked session-store data might have been freed by a call to the ReleaseItemExclusive method on a separate thread before the call to the SetAndReleaseItemExclusive method for the current response, an attempt could be made to set and release session-state store data that has already been released and modified by another session. To avoid this situation, the GetItem and GetItemExclusive methods return a lock identifier. This lock identifier must be included with each request to modify locked session-store data. Session-store data is modified only if the lock identifier in the data store matches the lock identifier supplied by the SessionStateModule.

Deleting Expired Session Store Data

When the Abandon method is called for a particular session, the data for that session is deleted from the data store using the RemoveItem method; otherwise, the data will remain in the session data store to server future requests for the session. It is up to the SessionStateStoreProviderBase implementation to delete expired session data.

How to: Sample Session-State Store ProviderBuilding ASP .NET Web Applications
Implementing a Session-State Store ProviderBuilding ASP .NET Web Applications
How to: Sample Session-State Store ProviderBuilding ASP .NET Web Applications
Implementing a Session-State Store ProviderBuilding ASP .NET Web Applications

For an example of a session-state store provider implementation, see Implementing a Session-State Store Provider.

The following code example shows the Web.config file for an ASP.NET application that is configured to use a custom session-state store provider.

    <add name="OdbcSessionServices" connectionString="DSN=SessionState;" />

        <add name="OdbcSessionProvider"
             connectionStringName="OdbcSessionServices" />

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.