Understanding ASP.NET Core Sessions: A Beginner-Friendly Guide

What We’ll Learn

In this guide, we’ll cover:

What sessions are and why they’re important.
How to set up and configure sessions in ASP.NET Core.
How to store and retrieve session data in your application.

By the end, you’ll have a working example of sessions in ASP.NET Core and the knowledge to use them in your projects. Let’s dive in!

What is a Session?

In web development, a session is a way to store user-specific data temporarily while they interact with your application. Think of it as a short-term memory for your app—it remembers things like login status, user preferences, or items in a shopping cart as the user navigates through your site.

Sessions are especially useful because HTTP, the protocol behind the web, is stateless. This means that each request to the server is independent and doesn’t remember anything about previous requests. Sessions help bridge this gap by maintaining user data across multiple requests.

Why Use Sessions?

Here are a few common use cases for sessions:

User Authentication: Store login information so users don’t have to log in repeatedly.
Shopping Carts: Keep track of items a user adds to their cart.
User Preferences: Save settings like theme or language preferences.
Temporary Data Storage: Store data that’s only needed for a short period.

How to Use Sessions in ASP.NET Core

Let’s break it down step by step. I’ll guide you through setting up and using sessions in an ASP.NET Core application.

Step 1: Install the Required Package

To use sessions in ASP.NET Core, you need the Microsoft.AspNetCore.Session package. If you’re using .NET 6 or later, this package is included by default. If not, you can add it via NuGet Package Manager or by editing your .csproj file:

<PackageReference Include="Microsoft.AspNetCore.Session" Version="2.2.0" />

Step 2: Configure Session Services

Next, you need to configure session services in the Program.cs file (or Startup.cs if you’re using an older version of ASP.NET Core). Here’s how:

var builder = WebApplication.CreateBuilder(args);

// Add session services
builder.Services.AddDistributedMemoryCache(); // Required for session storage
builder.Services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromMinutes(30); // Session expires after 30 minutes
    options.Cookie.HttpOnly = true; // Ensures the cookie is only accessible by the server
    options.Cookie.IsEssential = true; // Marks the session cookie as essential
});

builder.Services.AddControllersWithViews();

var app = builder.Build();

Step 3: Enable Session Middleware

After configuring the services, you need to enable the session middleware in the request pipeline. Add the following line before app.UseRouting():

app.UseSession();

Your Program.cs file should now look something like this:

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}
else
{
    app.UseExceptionHandler("/Home/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseSession(); // Enable session middleware

app.UseRouting();

app.UseAuthorization();

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

app.Run();

Step 4: Using Sessions in a Controller

Now that sessions are set up, let’s see how to use them in a controller. Here’s an example:

using Microsoft.AspNetCore.Mvc;

public class HomeController : Controller
{
    // Action to set a session value
    public IActionResult SetSession()
    {
        HttpContext.Session.SetString("Username", "JohnDoe");
        return Content("Session value set!");
    }

    // Action to retrieve a session value
    public IActionResult GetSession()
    {
        var username = HttpContext.Session.GetString("Username");
        if (string.IsNullOrEmpty(username))
        {
            return Content("No session value found.");
        }
        return Content($"Hello, {username}!");
    }
}

Step 5: Test Your Application

Run your application using dotnet run or your IDE.
Navigate to /Home/SetSession to store a session value.
Navigate to /Home/GetSession to retrieve the session value.

If everything is set up correctly, you’ll see:

After visiting /Home/SetSession: "Session value set!"
After visiting /Home/GetSession: "Hello, JohnDoe!"

Key Points to Remember

Session Timeout: Sessions are temporary and expire after a certain period (e.g., 30 minutes). You can adjust this in the IdleTimeout option.
Session Storage: By default, sessions are stored in memory using AddDistributedMemoryCache(). For production, consider using a distributed cache like Redis or SQL Server.
Security: Always mark session cookies as HttpOnly and Secure (if using HTTPS) to protect against client-side attacks.

Conclusion

Congratulations! 🎉 You’ve just learned how to use sessions in ASP.NET Core. Sessions are a powerful tool for managing user-specific data, and mastering them is a key step in becoming a proficient web developer.

PreviousA Beginner's Guide to Middleware in ASP.NET Core NextBuilding a Custom Login Flow in ASP.NET Core: A Beginner-Friendly Guide

Last updated 1 year ago

hashtagWhat We’ll Learn

hashtagWhat is a Session?

hashtagWhy Use Sessions?

hashtagHow to Use Sessions in ASP.NET Core

hashtagStep 1: Install the Required Package

hashtagStep 2: Configure Session Services

hashtagStep 3: Enable Session Middleware

hashtagStep 4: Using Sessions in a Controller

hashtagStep 5: Test Your Application

hashtagKey Points to Remember

hashtagConclusion