New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
total rewrite of app state #2489
Conversation
@Tratcher Can you take a look at this one? |
|
||
>[!WARNING] | ||
> This page documents version 1.0.0-rc1 and has not yet been updated for version 1.0.0 | ||
When does session clear the backing store? When the session expires? After you close the browser and the session cookie is deleted - what happens to your session data? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Data is deleted from the backing store either when you call Session.Clear() or when the session expires in the data store. The server does not know when the browser is closed or the cookie is deleted.
|
||
By [Steve Smith](http://ardalis.com) | ||
`IdleTimeout` is independent of the cookie's expiration. | ||
Is there a way to set the session ID cookie timeout? What happens to the session cookie after the session is expired? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Session cookies by definition have no specified timeout, the are deleted when the browser session ends.
If a cookie is received for an expired session then a new session is created using the same cookie.
|
||
## Application State Options | ||
HTTP is a stateless protocol; the Web server treats each HTTP request as an independent request. The server retains no knowledge of variable values that were used in previous requests. This article discusses various approaches to preserving application and user (session) state between requests. Although preserving state is often derided, judicious use of state can reduce app complexity and increase performance. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
derided? by REST folks, yes. Don't mention it unless you're going to include the arguments against state.
|
||
### Cookies | ||
The in-memory session provider stores session data on the server, which can impact scale out. If you run your web app on a server farm, you’ll need to enable sticky sessions to tie each session to a specific server. Windows Azure Web Sites defaults to sticky sessions (Application Request Routing or ARR). Sticky session can impact scalability and complicate updating your web app. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can also store sessions in Redis or SQL which should be recommended before sticky sessions.
|
||
### Cache | ||
### Cookie-based TempData provider (requires ASP.NET Core 1.1.0 and higher) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You said above that TempData is built on Session, but then show how to turn on cookie-based tempdata. Needs clarification.
#region snippet1 | ||
public class HomeController : Controller | ||
{ | ||
const string SessionKeyName = "_SessionKeyName"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Putting SessionKey
in the key value seems redundant.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed, but I did find it reassuring when I examined the value in the debugger :)
#region snippet2 | ||
public IActionResult SetDate() | ||
{ | ||
HttpContext.Session.Set<DateTime>(SessionKeyDate, DateTime.Now); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that this requires your extra Set extension
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everyone requires that extension method. Why is it not in the framework?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are lots of different ways to serialize data, we didn't want to be tied to a specific serializer. Something like this would make a good Asp.Net Contrib package though.
services.AddSession(options => | ||
{ | ||
options.CookieName = ".AdventureWorks.Session"; | ||
options.CookieHttpOnly = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the default, why set it?
@@ -0,0 +1,45 @@ | |||
{ | |||
"dependencies": { | |||
"Microsoft.AspNetCore.Mvc": "1.0.1", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Update everything to 1.1
}, | ||
|
||
"tools": { | ||
"Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-preview2-final" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1.1.0-preview4-final
"Microsoft.AspNetCore.Mvc": "1.0.1", | ||
"Microsoft.AspNetCore.Routing": "1.0.1", | ||
"Microsoft.AspNetCore.Mvc": "1.1", | ||
"Microsoft.AspNetCore.Routing": "1.1", | ||
"Microsoft.AspNetCore.Server.IISIntegration": "1.0.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missed one
No description provided.