System.Web 2.0.0.0 System.Configuration.Provider.ProviderBase ASP.NET session state reads and writes session data from and to a data store using a session-state store provider. A session-state store provider is a class that inherits the abstract class and overrides its members with implementations specific to the data store. The session-state store provider is called by the class during the processing of an ASP.NET page to communicate with the data store for the storage and retrieval of session variables and related session information such as the time-out value. Session data within each ASP.NET application is stored separately for each property. ASP.NET applications do not share session data. You can specify a custom implementation for an ASP.NET application by setting the mode attribute of the sessionState configuration element to and the customProvider attribute to the name of the custom provider, as shown in the example for this topic.

Locking Session Store Data

Because ASP.NET applications are multithreaded to support responding to concurrent requests, it is possible that concurrent requests might attempt to access the same session information. Consider a scenario where multiple frames in a frameset all access the same application. The separate requests for each frame in the frameset can be executed on the Web server concurrently on different threads. If the ASP.NET pages for each frame source access session-state variables, then you could have multiple threads accessing the session store concurrently. To avoid data collisions at the session store and unexpected session-state behavior, the and classes include lock functionality that exclusively locks the session store item for a particular session for the duration of the execution of an ASP.NET page. Note that even if the attribute is marked as ReadOnly, other ASP.NET pages in the same application might be able to write to the session store, so a request for read-only session data from the store might still end up waiting for locked data to be freed. A lock is set on session-store data at the beginning of the request, in the call to the method. When the request completes, the lock is released during the call to the method. If the object encounters locked session data during the call to either the or the method, it will re-request the session data at half-second intervals until either the lock is released or the amount of time that the session data has been locked exceeds the value of the property. If the execution time out is exceeded, the object will call the method to free the session-store data and request the session-store data at that time. Because locked session-store data might have been freed by a call to the method on a separate thread before the call to the method for the current response, an attempt could be made to set and release session-state store data that has already been released and modified by another session. To avoid this situation, the and methods return a lock identifier. This lock identifier must be included with each request to modify locked session-store data. Session-store data is modified only if the lock identifier in the data store matches the lock identifier supplied by the .

Deleting Expired Session Store Data

When the method is called for a particular session, the data for that session is deleted from the data store using the method; otherwise, the data will remain in the session data store to server future requests for the session. It is up to the implementation to delete expired session data.

Defines the required members of a session-state provider for a data store.

Constructor 2.0.0.0 You are not required to implement a constructor for a class that inherits the abstract class. Initialization values for a implementation are passed to the method implementation.

Initializes a new instance of the class.

Method 2.0.0.0 System.Web.SessionState.SessionStateStoreData The object calls the method at the beginning of a request for an ASP.NET page, during the event. The method is called if: the incoming request has no session ID, or the incoming request has a session ID, but the session is not found in the data store. The method creates a new object with an empty object, an collection, and the specified value. The collection for the ASP.NET application can be retrieved using the method.

Creates a new object to be used for the current request.

A new for the current request. The for the current request. The session-state value for the new . Method 2.0.0.0 System.Void The method is used with sessions when the cookieless and regenerateExpiredSessionId attributes are both true. Having the regenerateExpiredSessionId attribute set to true causes the object to generate a new value when an expired value is encountered. The process of generating a new value requires redirecting the browser to a URL that contains the newly generated value. The method is called during the initial request that contains an expired value. After the object acquires a new value to replace the expired value, it calls the method to add an uninitialized entry to the session-state data store. The browser is then redirected to the URL containing the newly generated value. The existence of the uninitialized entry in the session data store ensures that the redirected request that includes the newly generated value is not mistaken for a request for an expired session and is, instead, treated as a new session. The uninitialized entry in the session data store is associated with the newly generated value and contains only default values, including an expiration date and time and a value that corresponds to the parameter of the and methods. The uninitialized entry in the session-state store should include an value equal to the enumeration value. This value is passed to the object by the and methods, and informs the object that the current session is a new but uninitialized session. The object will then initialize the new session and raise the Session_OnStart event. For more information about cookieless sessions, see the property.

Adds a new session-state item to the data store.

The for the current request. The for the current request. The session for the current request. Method 2.0.0.0 System.Void The method is called when the method executes at the closing of the application domain. Classes that inherit the class can use this method to free any resources no longer in use.

Releases all resources used by the implementation.

Method 2.0.0.0 System.Void The object calls the method at the end of a request for an ASP.NET page, during the event. You can use the method to perform any per-request cleanup required by your session-state store provider.

Called by the object at the end of a request.

The for the current request. Method 2.0.0.0 System.Web.SessionState.SessionStateStoreData To be added. To be added. To be added. To be added. To be added. To be added.

To be added.

To be added. To be added. Method 2.0.0.0 System.Web.SessionState.SessionStateStoreData To be added. To be added. To be added. To be added. To be added. To be added.

To be added.

To be added. To be added. Method 2.0.0.0 System.Void The object calls the method before calling any other method. You can use the method to perform any per-request initialization required by your session-state store provider.

Called by the object for per-request initialization.

The for the current request. Method 2.0.0.0 System.Void The object calls the method to update the expiration date and release a lock on an item in the session data store. It is called at the end of a request, during the event, if session values are unchanged. If session values have been modified, the object instead calls the method. The object also calls the method when a lock on an item in the session data store has exceeded the value. For more information about locking and details about the lock identifier, see "Locking Session-Store Data" in the class overview. The method only removes the lock from an item in the session data store for the current application that matches the supplied session and values. If the does not match the one in the data store, the method does nothing.

Releases a lock on an item in the session data store.

The for the current request. The session identifier for the current request. The lock identifier for the current request. Method 2.0.0.0 System.Void The object calls the method at the end of a request, during the event, to delete the data for a session item from the session data store if the method has been called. Only session data for the current application that matches the supplied session and values is deleted. For more information about locking and details about the lock identifier, see "Locking Session-Store Data" in the class overview.

Deletes item data from the session data store.

The for the current request. The session identifier for the current request. The lock identifier for the current request. The that represents the item to delete from the data store. Method 2.0.0.0 System.Void The object calls the method to update the expiration date and time for a session to the current date and time plus the session value when either: the attribute is true, or the request did not raise the and events due to an error. If an ASP.NET page is requested and the attribute is set to false, the method is still called to update the expiration date and time of the data in the session data store.

Updates the expiration date and time of an item in the session data store.

The for the current request. The session identifier for the current request. Method 2.0.0.0 System.Void The object calls the method at the end of a request, during the event, to insert current session-item information into the data store or update existing session-item information in the data store with current values, to update the expiration time on the item, and to release the lock on the data. Only session data for the current application that matches the supplied session and values is updated. For more information about locking, see "Locking Session Store Data" in the class overview. If the session values for the current request have not been modified, the method is not called. Instead, the method is called. If the method has been called, the method is not called. Instead, the object calls the method to delete session-item data from the data source.

Updates the session-item information in the session-state data store with values from the current request, and clears the lock on the data.

The for the current request. The session identifier for the current request. The object that contains the current session values to be stored. The lock identifier for the current request. true to identify the session item as a new item; false to identify the session item as an existing item. Method 2.0.0.0 System.Boolean The object calls the method when the module is initialized to determine whether calls to the Session_OnEnd event are supported by the implementation and to associate the delegate with the Session_OnEnd event. Custom session-state store provider implementers should use the method to inform the object whether calls to the Session_OnEnd event are supported and to set a local reference to the delegate supplied by the parameter. The custom implementation must decide when the local delegate will be called. For example, the delegate could be called during the call to the method, which is called when a session is abandoned.

Sets a reference to the delegate for the Session_OnEnd event defined in the Global.asax file.

true if the session-state store provider supports calling the Session_OnEnd event; otherwise, false. The delegate for the Session_OnEnd event defined in the Global.asax file.