Sample Session-State Store Provider
Describes a custom session-state store-provider implementation that uses the ODBC .NET Framework data provider to manage session information in an Access database.
The following topics include the code for a sample session-state store-provider implementation. The sample provider uses the System.Data.Odbc classes to store and retrieve session information by using an Access database.
This topic describes implementation details about the sample session-state store provider and describes how to build the sample and configure an ASP.NET application to use the sample provider.
The code for the sample provider can be found in the How to: Sample Session-State Store Provider topic.
Database Schema
The sample session-state provider uses a single table named Sessions to manage session information. To create the Access table used by the sample provider, issue the following data-definition query in a new or existing Access database.
CREATE TABLE Sessions
(
SessionId Text(80) NOT NULL,
ApplicationName Text(255) NOT NULL,
Created DateTime NOT NULL,
Expires DateTime NOT NULL,
LockDate DateTime NOT NULL,
LockId Integer NOT NULL,
Timeout Integer NOT NULL,
Locked YesNo NOT NULL,
SessionItems Memo,
Flags Integer NOT NULL,
CONSTRAINT PKSessions PRIMARY KEY (SessionId, ApplicationName)
)
Event Log Access
If the sample provider encounters an exception when working with the data source, it writes the details of the exception to the Application Event Log instead of returning the exception to the ASP.NET application. This is done as a security measure to avoid private information about the data source from being exposed in the ASP.NET application.
The sample provider specifies an event Source property value of "OdbcSessionStateStore." Before your ASP.NET application will be able to write to the Application Event Log successfully, you will need to create the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\OdbcSessionStateStore
If you do not want the sample provider to write exceptions to the event log, then you can set the custom writeExceptionsToEventLog attribute to false in the Web.config file.
Support for the Session_OnEnd Event
The sample session-state store provider does not support the Session_OnEnd event defined in the Global.asax file, as there is no way for the Access database to notify the session-state store provider that the expiration date and time for a session has passed. The session-state store provider must query for this information. You cannot predict when the session-state store provider will be used, and it is therefore unlikely that the Session_OnEnd event will be raised at the exact time that the session times out. As a result, the SetItemExpireCallback method implementation in the sample session-state store provider returns false, to inform the SessionStateModule that the Session_OnEnd event is not supported.
Cleaning Up Expired Session Data
Because the sample session-state store provider does not provide support for the Session_OnEnd event, it does not automatically clean up expired session-item data. It is recommended that you periodically delete expired session information from the data store with the following code.
Dim commandString As String = "DELETE FROM Sessions WHERE Expires < ?"
Dim conn As OdbcConnection = new OdbcConnection(connectionString)
Dim cmd As OdbcCommand = New OdbcCommand(commandString, conn)
cmd.Parameters.Add("@Expires", OdbcType.DateTime).Value = DateTime.Now
conn.Open()
cmd.ExecuteNonQuery()
conn.Close()
string commandString = "DELETE FROM Sessions WHERE Expires < ?";
OdbcConnection conn = new OdbcConnection(connectionString);
OdbcCommand cmd = new OdbcCommand(commandString, conn);
cmd.Parameters.Add("@Expires", OdbcType.DateTime).Value = DateTime.Now;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
Building the Sample Provider
In order to use the sample provider, you can place your source code in the App_Code directory of your application. Note that if you already have source code in the App_Code directory of your application, you must add the version of the sample provider that is written in the same language as the existing code in the directory. The provider will be compiled by ASP.NET when your application is requested.
You can also compile the sample provider as a library and place it in the Bin directory of your Web application, or strongly name it and place it in the GAC. The following command shows how to compile the sample provider using the command-line compiler after the sample code has been copied to a file named OdbcSessionStateStore.vb for Visual Basic and OdbcSessionStateStore.cs for C#.
vbc /out:OdbcSessionStateStore.dll /t:library OdbcSessionStateStore.vb /r:System.Web.dll /r:System.Configuration.dll
csc /out:OdbcSessionStateStore.dll /t:library OdbcSessionStateStore.cs /r:System.Web.dll /r:System.Configuration.dll
Using the Sample Provider in an ASP.NET Application
The following example shows the Web.config file for an ASP.NET application configured to use the sample provider. The example uses an ODBC DSN named "SessionState" to obtain connection information for the Access database. To use the sample provider, you will need to either create the "SessionState" System DSN or supply a valid ODBC connection string to your database.
The example configuration assumes that your Web site is set up to use forms authentication and includes an ASP.NET page called login.aspx that allows users to log in.
<configuration>
<connectionStrings>
<add name="OdbcSessionServices" connectionString="DSN=SessionState;" />
</connectionStrings>
<system.web>
<sessionState
cookieless="true"
regenerateExpiredSessionId="true"
mode="Custom"
customProvider="OdbcSessionProvider">
<providers>
<add name="OdbcSessionProvider"
type="Samples.AspNet.Session.OdbcSessionStateStore"
connectionStringName="OdbcSessionServices"
writeExceptionsToEventLog="false" />
</providers>
</sessionState>
</system.web>
</configuration>
See Also
Concepts
Implementing a Session-State Store Provider