Static fields vs Session variables

c# asp.net .net session-variables static-members
Mikayil Abdullayev picture Mikayil Abdullayev · Feb 6, 2013 · Viewed 18.5k times · Source

So far I've been using Session to pass some variables from one page to another. For instance user role. When a user logs in to the web application the role id of the user is kept in Session and that role is checked at different parts of the application. I've recently started thinking why not use static members instead. I can store the same information in a static field and easily access it anywhere in my application (well anywhere the namespace in which that static field resides is included.) I know that using Session variables comes handy sometimes, such that:

  1. Any kind of data can be stored in Session. It then must be casted however.But static fields accept data with the correct datatype only.
  2. Session variables will expire after a certain time which is the behavior we need in many cases.

Apart from the above, are there any other reasons why I should not use static fields to store data and have it available everywhere?

Answer

Jon Skeet picture Jon Skeet · Feb 6, 2013

No, using static variables for this is not the way to go:

  • If your AppDomain is recycled, all your static variables will be "reset"
  • Static variables don't scale horizontally - if you load-balance your application, a user who hits one server then a different one won't see the data store in the static variables in the first server
  • Most importantly, static variables will be shared by all access to that server... it won't be on a per-user basis at all... whereas from your description, you wouldn't want user X to see user Y's information.

Fundamentally, you have two choices for propagating information around your application:

  • Keep it client-side, so each request gives the information from the previous steps. (This can become unwieldy with large amounts of information, but can be useful for simple cases.)
  • Keep it server-side, ideally in some persistent way (such as a database) with the client providing a session identifier.

If you can use load-balancing to keep all users going to the same server, and if you don't mind sessions being lost when the AppDomain is recycled1 or a server going down, you can keep it in memory, keyed by session ID... but be careful.

1 There may be mechanisms in ASP.NET to survive this, propagating session information from one AppDomain to another - I'm not sure

Related questions

ASP.NET removing an item from Session?

Which method is preferred? Session.Remove("foo"); Session["foo"] = null; Is there a difference?

Read More
Where I should declare a session variable in asp.net

I am building a Asp.net Application. I need to save a HashTable in a session. At page load i am writing protected void Page_Load(object sender, EventArgs e) { if (!Page.IsPostBack) { Session["AttemptCount"]=new Hashtable(); //Because of this …

Read More
In C#, what is the difference between public, private, protected, and having no access modifier?

All my college years I have been using public, and would like to know the difference between public, private, and protected? Also what does static do as opposed to having nothing?

Read More