Why should I not use HTTPContext Session State in my ASP .Net MVC applications?

jxbma
jxbma used Ask the Experts™
on
Hi:

I recall reading a couple of places that folks are discouraging the use of HTTPContext.Current.Session state in ASP .Net web applications.

Can someone explain some of the reasoning behind this recent trend?
Are there solid technical reasons for this?

Thanks,
JohnB
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Carl TawnSenior Systems and Integration Developer

Commented:
Are you sure they were referring to MVC and not MVC Web API? Not using session for Web API makes sense, but for a standard web application I don't see any real reason not to use session state.
There's a few reasons for it.

Main concern, is it's often really badly misused, where people are storing large objects (datatables etc) in the session.  For every user that goes to the site, all of the objects stored in their session are stored on the servers memory, so when misused, can quickly crash a system and cause a lot of bloat.

One of the other main concerns is in server farms / load balanced environments.
Where you can't be guaranteed that the server that served Page A, is going to be the same server that give the user Page B, hence the session won't have the same values.  There are some environments that provide "session persistence", where it will tie in a unique user to the same server for every request, but there are a lot more environments that don't.

If you don't have a load balancer / farm, then your main concern is misuse and server memory overhead.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial