Session-less Controllers in ASP.NET MVC 3 RC

Posted by: Malcolm Sheridan , on 11/19/2010, in Category ASP.NET MVC
Views: 69659
Abstract: The following article demonstrates the new session-less controllers in ASP.NET MVC 3 RC.

Microsoft has just released ASP.NET MVC 3 Release Candidate. The razor view engine is certainly the biggest addition to the framework, but one feature that has been long overdue in my opinion is the ability to have session-less controllers. There have been numerous times when I wanted this and had to use workarounds. Now this has been added and I’ll show you how to use it..

Before moving on, you need to download ASP.NET MVC 3 Release Candidate (RC). Click here to download and install them using the Microsoft Web Platform Installer. Likewise you can download it from the website here.

Open studio 2010 and create a new ASP.NET MVC 3 Web Application (Razor) project. The new MVC 3 RC dialog can be seen below. Choose an Empty template and select Razor as the view engine and click OK.

Empty Template Razor 

Add a new controller to the project. Controlling the session in the controller is as simple as decorating the controller with the ControllerSessionState attribute. This specifies the type of session support for the controller. Here's the code to create a session-less controller. 

MVC Sessionless Controller

ControllerSessionState accepts a SessionStateBehaviour enum. This parameter specifies the type of session support for a controller. The possible values for this are:

  • Disabled - session state is not enabled for processing the request 
  • Default - the default ASP.NET logic is used to determine the session state behaviour for the request 
  • ReadOnly - read-only session state is enabled for the request 
  • Required - full read-write session state is enabled for the request

It's important to remember that if you have a session-less controller, using TempData will not work because the default store for TempData is the session. So doing the following will throw an exception.

MVC Temp Data Error 

Note: As pointed by Anders in the comments section, in the final version of MVC3 the attribute is (re)named: [SessionState(SessionStateBehavior.Disabled)]

The code above will throw an exception because the session has been disabled for the controller. The exception thrown is:

The SessionStateTempDataProvider class requires session state to be enabled. 

Session State Temp Data Provider

For me this functionality has been long overdue and I'm very happy it has been included in MVC 3 RC. This will be one feature you will use often.

The entire source code of this article can be downloaded over here.

Give me a +1 if you think it was a good article. Thanks!
Recommended Articles
Malcolm Sheridan is a Microsoft awarded MVP in ASP.NET, a Telerik Insider and a regular presenter at conferences and user groups throughout Australia and New Zealand. Being an ASP.NET guy, his focus is on web technologies and has been for the past 10 years. He loves working with ASP.NET MVC these days and also loves getting his hands dirty with jQuery and JavaScript. He also writes technical articles on ASP.NET for SitePoint and other various websites. Follow him on twitter @malcolmsheridan


Page copy protected against web site content infringement by Copyscape


User Feedback
Comment posted by Bandzie on Friday, November 19, 2010 5:11 AM
When and why session-less controllers should be used? Thank you in advance.
Comment posted by Malcolm Sheridan on Friday, November 19, 2010 5:55 AM
@Bandzie
They should be used when the session isn't needed, which for me is 99% of the time.
Comment posted by Nadeem Afana on Saturday, November 20, 2010 8:43 PM
Nice. However, you can combine session-less and TempData by configuring TempData to use browser cookies instead of session state.
Comment posted by Malcolm Sheridan on Saturday, November 20, 2010 9:44 PM
@Nadeem
Yes that is correct.  By default TempData uses session.  An upcoming article will address this issue.
Comment posted by Gorazd Breskvar on Sunday, November 21, 2010 1:30 AM
@Bandzie
Here is why you need to disable session
http://blog.whiletrue.com/2010/09/asp-net-mvc-sessions-and-concurrent-requests-not-what-youd-expect/
Comment posted by Graham on Sunday, November 21, 2010 5:44 PM
You should explain benefits to disabling the session.
Comment posted by Malcolm Sheridan on Sunday, November 21, 2010 7:48 PM
@Graham
Yes I should have explained the reasons on why you don't want to overuse use the session.  Session if used correctly, is a good thing.  You shouldn't disable it IMO.
Comment posted by Sergio Tapia on Monday, November 29, 2010 9:32 AM
Hi, nice little quip. Can you explain why I would want to disable session for controller? In the interest of learning! :D Thanks!
Comment posted by Sergio Tapia on Monday, November 29, 2010 9:32 AM
Hi, nice little quip. Can you explain why I would want to disable session for controller? In the interest of learning! :D Thanks!
Comment posted by Nadeem Afana on Wednesday, December 1, 2010 9:44 PM
@Sergio Tapia:
Disabling Session State will provide slight improvement in performance. Bad use of session state has proven to degrade significantly web sites performance. You normally disable it when you are not using it at all.

Hope this helps!
Comment posted by Malcolm Sheridan on Thursday, December 2, 2010 2:21 AM
@Sergio
Nadeem has summed it up nicely.  Use the session only when it's absolutely necessary.  Most of the time I only add something to uniquely identify a user in the session.  That way you remove conflicts bewteen different tabs and also increase the performance.  Rememver the web is supposed to be stateless.
Comment posted by Anders Heick on Thursday, June 7, 2012 6:30 AM

In the final version of MVC3 the attribute is (re)named:

[SessionState(SessionStateBehavior.Disabled)]

Post your comment
Name:  
E-mail: (Will not be displayed)
Comment:
Insert Cancel