Session State
Applies To: Windows Server 2012 R2, Windows Server 2012
Use the Session State feature page to configure the behavior of information maintained across browser sessions.
Related scenarios
UI Elements for Session State
The following tables describe the UI elements that are available on the feature page and in the Actions pane.
Feature Page Elements
Element Name |
Description |
||
---|---|---|---|
Not enabled |
Disables session state. |
||
In process |
Stores session state data for a managed-code application in the worker process where the application runs. This setting is the default. |
||
Custom |
Configures IIS to use a custom provider to handle session state for ASP.NET applications. |
||
State Server |
Enables the Windows Aspnet_state.exe state service and stores session state outside the worker process where the application runs. The advantage of this configuration is that session state is preserved when the application's worker process recycles. Using a state server is recommended for medium-sized web applications. The settings to configure are:
|
||
SQL Server |
Configures IIS to use a SQL Server database to store session state data instead of storing it in the worker process where the application runs. The advantage of this configuration is that session state is preserved when the application's worker process recycles. In addition, session state is preserved if either the Windows state service or the web server goes down. The settings to configure are:
Important Before you configure a SQL Server for session state, run the InstallSqlState.sql script on the server. By default, this script is stored in systemroot\Microsoft.NET\Framework\V2.0.50727. |
||
Enable custom database |
Enables a custom SQL Server database for storing session state data. |
||
Mode |
Defines how cookies are used to store session state data. The options are:
Note Consider changing the time-out value to less than the 20-minute default so a potential attacker has less time to capture a cookie and gain access to website content.
|
||
Name |
Sets a name for the cookie. The default is ASP.NET_SessionID. |
||
Time-out (in minutes) |
Sets the time, in minutes, that a cookie persists. The default is 20 minutes. |
||
Regenerate expired session ID |
Tells IIS to reject and reissue session IDs that do not have corresponding sessions active in the database. By default, this feature is supported only for cookieless session IDs, but this feature can be extended in order to manage cookie/arbitrary session IDs by implementing a custom session ID manager. |
||
Use hosting identity for impersonation |
Enables Windows authentication and the host process identity (either ASP.NET or a Windows service identity) for remote connections. |
Actions Pane Elements
Element Name |
Description |
---|---|
Apply |
Saves the changes that you have made on the feature page. |
Cancel |
Cancels the changes that you have made on the feature page. |