what is the efficient way to store session variable

My asp.net application is deployed on a load balance system. And I just want to keep a user's role (a string) in a whole session. I was told that session info in asp.net is stored in the database so I don'开发者_如何学JAVAt want to the asp.net engine to access DB ecah time a user switch between pages. neither do I want to get the role from my own DB each time when I need check user's role. I know one way is to store the role info in a hiden field. what is the efficient way to store a constant session value?

session has three modes. The mode setting supports three options: inproc, sqlserver, and stateserver. you need load balance, the inproc is out automatically. you can configure to use either sqlserver or stateserver.

If you want to avoid DB accesses, you might use cookies to store the user's role instead of session state. You can encrypt / encode the cookie if you need to for security reasons (perhaps using the session ID as part of the key). Cookies work fine in a load-balanced scenario, since they are sent by the browser to the server with every request. Just be sure to set the path attribute on the cookie (and possibly HttpOnly), to limit the URLs that the browser attaches it to.

Note that if you're using the built-in ASP.NET Membership providers, role membership and related details are handled for you automatically by the providers.

You could also use a cookie. Session data is stored by default in memory, so i guess you have it configured to be stored in a database in order to be available on all servers in the farm. If you can store it in memory, you could use this approach to deal with the load balancing:

if (Session["Role"] == null)
   Session["Role"] = GetUserRole();

This will result in trips to the database only once per server.

More details about Session state here.

If "role" has something to do with permissions it would not be a good idea to store it in a hidden field or an other means that would enable it to be edited from the client side such as in viewstate with talking asp.net.

I am a big hater on session, especially if you are using it to hopefully improve performance. What you probably really want is caching and there a number of great solutions you can look into. Right away you can take advantage of the Cache data dictionary that is built into asp.net and is exposed as a member on the page class. The cache will essentially serialize anything you put in it and store it in memory. Using the cache object will work best with a single server setup. Since you are using load balanacing you will probably want to take advantage of a distribute cache system like Memcached or AppFabric Caching (Previously Codename Velocity). Memcahed is used by a lot of big sites such a Twitter where as AppFabric is a new Microsoft product that is just becoming available but should have good support and integration with other Microsoft technologies such as Asp.Net.

With distributed caching you avoid going back to the database and you essentially trade this off for a trip to your cache. The reason why this is more efficient for starters is that the cache only has to worry about efficiently storing items which have been recently accessed where as the database must store everything.

Also I want to point out that you may choose to avoid the distribute caching route if you are using server affinity with your load balancer. Technically you could use it without server affinity as well but you will have a lot more cache misses.