Using ASP.net Session in a way to make it flexible to change from inproc session storage to either to statemanagement server or database

Until now, I was under impression that where to store your session is just a configuration switch and should not require any code change. I was having misconception that moving from inproc to state management service or database should not require any code change.

My misconception was broken when I realized that the object stored in the session needs to be serializable if they need to work with state management service or database. That means, I need to mark all those objects which I plan to put in session as serializable.

How can I make it completely flexible for the deployers to decide on the session storage. What all other things (along with serialization) I need to take care to make it work with any session storage option.

Thanks.

Update The following code should work in inproc mode but, I guess, will not work with state management or database session storage option.

UserPreferences preferences = Session["UserPreferences"]; //UserPreferences in serializable pref开发者_运维百科erence.Autologout = true; //I believe, this will only work with inproc. The updated value will not reflect in database.

The above session handling pattern is common. How to catch such issues while coding/compilation and not at run-time. Are there static code analysis rules available for appropriate session handling.