While working with ASP.NET web application you must be familiar with one of most important state management technique “Session”. ASP.NET Session State is on by default, hence you are paying for memory even if you don’t use it. There are several ways to optimize it.

Tip #1 :  Not using Session State at all ? Then turn it off completely in web.config



Tip #2 : Session is only required for few pages not all over the application 

Then first turn it off for all pages, for that you need to do following entry in web.config



then enable it for a specific page where you required the session



Tip #3 : If you are using Session for Reading Purpose, use Session State as “ReadOnly”

If you are a beginner, you must be wondering what is EnableSessionState=”Readonly” .  Well, if you look at your web application, not all the pages using Session or some of the pages is using session data for reading purpose. If there is no write operation happaning on session, then it’s always better to use session State is “ReadOnly



The session request pass through different httpModule with in HTTPPipeline. Know more details on how session state ReadOnly works , please read the article
Read Only Session State in ASP.NET. A quick summary from the referred article,

The session state module implements a readers – writers  locking mechanism and queues the access to session state values. A page that has session-state write access will hold a writer lock on the session until the request finishes. A page gains write access to the session state by setting the EnableSessionState attribute on the @Page directive to True. A page that has session-state read access — for example, when the EnableSessionState attribute is set to ReadOnly — will hold a reader lock on the session until the request finishes.

You can also set ReadOnly SessionState in web.config as well



Tip #4 : Programmatically Change Session State Behavior when required (ASP.NET 4.0)

We can enable or disabled session state either in web.config or using @Page directive’s   EnableSessionState attributes. But there was no provision to change the session state at runtime till date in ASP.NET. But using  ASP.NET 4.0, we can change the session  state programmatically . The .NET 4.0 framework adds a new method SetSessionStateBehavior  to the HttpContext class for ASP.NET. This method required SessionStatebehavior  value to set the current session mode. To call SetSessionStateBehavior   simply create a new HttpModule by Implementing IHttModule and hook the BeginRequest event. Most important you can only use the SetSessionStateBehavior  until the AcquireRequestState event is fired, because
AcquireRequestState  Occurs when ASP.NET acquires the current state  that is associated with the current request

While calling SetSessionStatebehavior, You can pass the following values as SessionStatebehavior  :

- Default: This is default setting which means  everything works as before
- Disabled: Turned of Session Sate for Current Request.
- ReadOnly: Read only access to Session State;
- Required: Enabled session state for both Read and Write Access



Tip #5 : Compress Session Data while using OutProc Session mode based on Requirements (AP.NET 4.0)

ASP.NET 4.0 comes with a new option for compressing the Session data with Out Process Session mode. To enabling this functionality we need to add “compressionEnabled=”true” attribute with the SessionMode in web.config .



When Compression mode is enabled is web.config, ASP.NET  compress the serialized session data  and passed it to session storage and during retrieval same  deserialization and decompression happens in server side. ASP.NET 4.0 used System.IO.Compression.GZStream class to compress the session mode.



Tip #6 : Use HttpContext.Current.Items for very short term storage instead of Session

You can use HttpContext.Current.Items for very short term storage. By Short term storage means, this data is valid for a single HTTP Request.  There are many confusion around regarding storing data in HttpContext.Current.Items and storing data in Session variable. Items collections of HttpContext is and IDictionary key-value collections and that are shared across a single HTTPRequest. Yes, HttpContext.Current.Items  valid for  a single HTTPRequest.



Cheers…