Session in ASP.NET is a server side object that remembers information between separate web page postbacks within the scope of the current user. It is used mainly in ASP.NET Webforms but also can have its uses in ASP.NET MVC.
There are four main ways in which this works.
- It is stored in memory within IIS.
- It is stored within a separate process, called a state server.
- It is stored in a database, typically SQL/Server
- A custom scheme is used where the developer has to provide some code or link to a third party component.
I once met somebody who was adamant that the In Memory option was the fastest and thus the only method to use, despite the fact that they had a server farm and numerous complications were experienced as a result of trying to keep session affinity (i.e. the browser connected to the same server in the farm so as to keep session state).
I wouldn’t care, but this person was also wrong on performance. It is important that you look at the performance of the system overall (and measure it before you change anything, or move away from the simplest, most easiest to read code/understand option). If it had been measured, the results would have shown that yes, on a small number of users, the in memory option would have been the fastest. However the state server option isn’t far behind (although dependant on one server to hold session state and if this fails every user loses their session) and the SQL option, while slow on one user, overall, because SQL caches commonly used items, over a number of users and number of requests, its in memory anyway.
So the SQL option is by far my preferred option, unless the site really has a lot of traffic and needs a custom option.
The underlying principle is: don’t ever make assumptions about performance. Always test on a reasonable number of users, because you might be very surprised.
More information on Session State can be found at the MSDN topic on the subject.