Share via

SessionStateStoreProviderBase Class


Defines the required members of a session-state provider for a data store.

public ref class SessionStateStoreProviderBase abstract : System::Configuration::Provider::ProviderBase
public abstract class SessionStateStoreProviderBase : System.Configuration.Provider.ProviderBase
type SessionStateStoreProviderBase = class
    inherit ProviderBase
Public MustInherit Class SessionStateStoreProviderBase
Inherits ProviderBase


For an example of a session-state store provider implementation, see Implementing a Session-State Store Provider.

The following code example shows the Web.config file for an ASP.NET application that is configured to use a custom session-state store provider.

    <add name="OdbcSessionServices" connectionString="DSN=SessionState;" />

        <add name="OdbcSessionProvider"
             connectionStringName="OdbcSessionServices" />


ASP.NET session state reads and writes session data from and to a data store using a session-state store provider. A session-state store provider is a class that inherits the SessionStateStoreProviderBase abstract class and overrides its members with implementations specific to the data store. The session-state store provider is called by the SessionStateModule class during the processing of an ASP.NET page to communicate with the data store for the storage and retrieval of session variables and related session information such as the time-out value.

Session data within each ASP.NET application is stored separately for each SessionID property. ASP.NET applications do not share session data.

You can specify a custom SessionStateStoreProviderBase implementation for an ASP.NET application by setting the mode attribute of the sessionState configuration element to Custom and the customProvider attribute to the name of the custom provider, as shown in the example for this topic.

Locking Session Store Data

Because ASP.NET applications are multithreaded to support responding to concurrent requests, it is possible that concurrent requests might attempt to access the same session information. Consider a scenario where multiple frames in a frameset all access the same application. The separate requests for each frame in the frameset can be executed on the Web server concurrently on different threads. If the ASP.NET pages for each frame source access session-state variables, then you could have multiple threads accessing the session store concurrently.

To avoid data collisions at the session store and unexpected session-state behavior, the SessionStateModule and SessionStateStoreProviderBase classes include lock functionality that exclusively locks the session store item for a particular session for the duration of the execution of an ASP.NET page. Note that even if the EnableSessionState attribute is marked as ReadOnly, other ASP.NET pages in the same application might be able to write to the session store, so a request for read-only session data from the store might still end up waiting for locked data to be freed.

A lock is set on session-store data at the beginning of the request, in the call to the GetItemExclusive method. When the request completes, the lock is released during the call to the SetAndReleaseItemExclusive method.

If the SessionStateModule object encounters locked session data during the call to either the GetItemExclusive or the GetItem method, it will re-request the session data at half-second intervals until either the lock is released or the amount of time that the session data has been locked exceeds the value of the ExecutionTimeout property. If the execution time out is exceeded, the SessionStateModule object will call the ReleaseItemExclusive method to free the session-store data and request the session-store data at that time.

Because locked session-store data might have been freed by a call to the ReleaseItemExclusive method on a separate thread before the call to the SetAndReleaseItemExclusive method for the current response, an attempt could be made to set and release session-state store data that has already been released and modified by another session. To avoid this situation, the GetItem and GetItemExclusive methods return a lock identifier. This lock identifier must be included with each request to modify locked session-store data. Session-store data is modified only if the lock identifier in the data store matches the lock identifier supplied by the SessionStateModule.

Deleting Expired Session Store Data

When the Abandon method is called for a particular session, the data for that session is deleted from the data store using the RemoveItem method; otherwise, the data will remain in the session data store to server future requests for the session. It is up to the SessionStateStoreProviderBase implementation to delete expired session data.



Initializes a new instance of the SessionStateStoreProviderBase class.



Gets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs).

(Inherited from ProviderBase)

Gets the friendly name used to refer to the provider during configuration.

(Inherited from ProviderBase)


CreateNewStoreData(HttpContext, Int32)

Creates a new SessionStateStoreData object to be used for the current request.

CreateUninitializedItem(HttpContext, String, Int32)

Adds a new session-state item to the data store.


Releases all resources used by the SessionStateStoreProviderBase implementation.


Called by the SessionStateModule object at the end of a request.


Determines whether the specified object is equal to the current object.

(Inherited from Object)

Serves as the default hash function.

(Inherited from Object)
GetItem(HttpContext, String, Boolean, TimeSpan, Object, SessionStateActions)

Returns read-only session-state data from the session data store.

GetItemExclusive(HttpContext, String, Boolean, TimeSpan, Object, SessionStateActions)

Returns read-only session-state data from the session data store.


Gets the Type of the current instance.

(Inherited from Object)
Initialize(String, NameValueCollection)

Initializes the configuration builder.

(Inherited from ProviderBase)

Called by the SessionStateModule object for per-request initialization.


Creates a shallow copy of the current Object.

(Inherited from Object)
ReleaseItemExclusive(HttpContext, String, Object)

Releases a lock on an item in the session data store.

RemoveItem(HttpContext, String, Object, SessionStateStoreData)

Deletes item data from the session data store.

ResetItemTimeout(HttpContext, String)

Updates the expiration date and time of an item in the session data store.

SetAndReleaseItemExclusive(HttpContext, String, SessionStateStoreData, Object, Boolean)

Updates the session-item information in the session-state data store with values from the current request, and clears the lock on the data.


Sets a reference to the SessionStateItemExpireCallback delegate for the Session_OnEnd event defined in the Global.asax file.


Returns a string that represents the current object.

(Inherited from Object)

Applies to

See also