Session:

32.25 Why aren't my sessions expiring, I am using SQLServer mode?

In SQLServer mode, session expiration is carried out by the SQL Agent using a registered job. Make sure your

SQL Agent is running.

32.26 I set EnableSessionState to "ReadOnly", but in InProc mode I can

still modify the session. Why is that?

Even those enableSessionState is marked as ReadOnly, but in InProc state, the user can still modify the

session. The only difference is that the session will not be locked during the request. This limitation is by-

design

32.27 How can I avoid specifying a plain password for my sql

connection?

Include a sql trusted connection, or put the connection string as encrypted data in the registry. Refer

• FIX: Stronger Credentials for processModel, identity, and sessionState

• How To Use the ASP.NET Utility to Encrypt Credentials and Session State Connection Strings

32.28 How can I use Session variables in a class?

Use HttpContext.Current.Session

VB.NET

HttpContext.Current.Session("Value1") = "1"

C#

HttpContext.Current.Session["Value1"] = "1";

In similar manner you can use Application Variables too.

32.29 What kind of objects can I store in a Session State?

Depends on which mode you are using:

• InProc Mode- objects stored in session state are actually live objects, and so you can store whatever

object you have created.

• State Server or SQL Server mode, objects in the session state will be serialized and deserialized

when a request is processed. So make sure your objects are serializable and their classes must be