Moving from ASP Sessions to Database Sessions - Inetserver

Bookham Measures wrote:
> Hello
>
> We are planning to set-up a load balanced web environment. Accordingly, we
> are going to change the session management on our
> website from the classic ASP Session State and session variables, to
> a database method.
> Does any one have any pointers as to how I might approach this, so
> that I can have the same sort of functionality the ASP sessions give
> without having to create database columns for each session variable I
> wish to create.
> I am thinking along the lines of some serialised dictionary or
> something that I can stick in a blob column.
>
> Thanks in advance
>
> David

The simplest: three columns, with the "Variable..." columns being varchar:
UserID, VariableName, VariableValue

More functionality can be gained by adding a DateCreated and/or DateModified
column
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

"Bookham Measures" wrote:
> We are planning to set-up a load balanced web environment. Accordingly,
> we are going to change the session management on our website from the
> classic ASP Session State and session variables, to a database method.
>
> Does any one have any pointers as to how I might approach this, so that
> I can have the same sort of functionality the ASP sessions give without
> having to create database columns for each session variable I wish to
> create.
>
> I am thinking along the lines of some serialised dictionary or
> something that I can stick in a blob column.

I wholeheartedly endorse this decision. It's a great way to share session
information between multiple web technologies (like ASP and ASP.NET), as
well as across servers.

We use two tables: One is common session information (session ID (PK),
session expiration, user ID (optional), and demographics (user agent, IP
address, etc.). The other contains the variables, with session ID and
name-value pairs.

We have been using this for more than three years, and have one regret --
this design does not allow scope limitation. Our next version will have
optional domain & path restrictions, much like cookies have.


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

Thank you for the replies guys.

Would you say this method offered any performance benefits on it's own.
Would it be better not to use ASP sessions ever, if it could be avoided.


"Bookham Measures" <bookham_measures_no_spam@yahoo.com> wrote in message
news:%23IIvhDUzHHA.5380@TK2MSFTNGP04.phx.gbl...
> Hello
>
> We are planning to set-up a load balanced web environment. Accordingly,
> we are going to change the session management on our website from the
> classic ASP Session State and session variables, to a database method.
>
> Does any one have any pointers as to how I might approach this, so that I
> can have the same sort of functionality the ASP sessions give without
> having to create database columns for each session variable I wish to
> create.
>
> I am thinking along the lines of some serialised dictionary or something
> that I can stick in a blob column.
>
> Thanks in advance
>
> David
>

"Bookham Measures" wrote:
> Would you say this method offered any performance benefits on it's
> own. Would it be better not to use ASP sessions ever, if it could
> be avoided.

I can't imagine that it offers any performance benefit at all. But
performance is really a secondary concern when you want to share session
information across platforms, servers, and applications.



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

How do you pass/share the PK between ASP.net and Classic ASP ?


> I wholeheartedly endorse this decision. It's a great way to share session information between multiple web technologies (like ASP
> and ASP.NET), as well as across servers.

"Jon Paal [MSMD]" wrote:
> How do you pass/share the PK between ASP.net and Classic ASP ?

You don't. You obviously have to use part of the request to identify the
session, but the PK is not required to be the shared information. We use
cookies and demographic information as a basis, and put it behind SSL when
security matters.


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

I should clarify my question...

I presume either can look up the desired session info from the database.

Where is the common value exchanged between ASP.net and Classic ASP, so the info can be looked up by either ?



"Dave Anderson" <NPQRWPDWZGSP@spammotel.com> wrote in message news:OS1Ke5hzHHA.988@TK2MSFTNGP02.phx.gbl...
> "Jon Paal [MSMD]" wrote:
>> How do you pass/share the PK between ASP.net and Classic ASP ?
>
> You don't. You obviously have to use part of the request to identify the session, but the PK is not required to be the shared
> information. We use cookies and demographic information as a basis, and put it behind SSL when security matters.
>

"Jon Paal [MSMD]" wrote:
> I presume either can look up the desired session info from the database.
>
> Where is the common value exchanged between ASP.net and Classic ASP,
> so the info can be looked up by either ?

In a cookie.



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

So why not put all the session values in the cookie keys and skip the database ?



"Dave Anderson" <NPQRWPDWZGSP@spammotel.com> wrote in message news:epShYvszHHA.2484@TK2MSFTNGP06.phx.gbl...
> In a cookie.



> "Jon Paal [MSMD]" wrote:
>> I presume either can look up the desired session info from the database.
>>
>> Where is the common value exchanged between ASP.net and Classic ASP,
>> so the info can be looked up by either ?