Description
I am migrating from asp.net framework 4.7 to core 3.0 - and i understand asp.net core team wants us to go away from sessions - however it is not practical for Change Management for such large projects. There are budget constraints, time constraints and it is important we move away from certain old ways of doing things in a phased manner - while reusing maximum that we can and keep release time shorter.
Session is one of the important aspect of any large scale applications containing complex forms.
I am right now left with following choices in asp.net core:
- Shift session to client browser
- or Store the session in database
Either of them will be a huge change which we didn't want to pick up at this stage.
Either ways - an application cannot do without sessions - it is a matter of choice where to keep it - but that should be a call of the development team.
1. Combo of Session and Serialisation leads to many bugs in a threaded environment
Microsofts documentation recommend to serialise the object and store in session - but serialisation is not same as object - going through the process of serialisation and deserialisation we are essentially creating a new object each time and allocating a different memory space to it - which creates problem when user is rapidly making entry and series of parallel requests go to the server that need to perform some operations on the same object
Most of my application is stateless except for this 2 aspects for which we need session
- User object that is created after successful sign in and it contains the following key properties:
- one to many Company accounts that user is allowed to login to
- one to many permissions
- one to many Locations object that they have access to
- A user will be working on certain forms - while they are creating a Purchase Order or an Invoice or opening a Production Job or entering accounts - each of this form while it is active in browser is encapsulated in a WorkingObject and then stored in the session to enable faster CRUD operations
- The WorkingObject is removed from session as soon as the task is complete or canceled or user closes browser or no activity on that object for over a minute (eg user switched to another activity)
- The WorkingObject is quite complex and is not a suitable candidate for serialisation - it contains composition and each composition can dynamically point to an array of objects: eg: a Invoice WorkingObject can have following composition: header, array of line items, total tax, optional fields, terms of payment - and each of these objects have their own nesting - eg: a line item can have item, pricing, tax, discount policies, cost breakup, a pointer to line item in sales order.
My session had a timeout of 5 mins : and i have implemented heartbeat strategy to keep it active till the user browser is active on any WorkingObject.
My humble suggestion is to provide feature to store object in Session so that legacy code can be migrated easily
I understand eventually we need to move away from session for scalability and server farming - but that is again the choice of the development team - decision of which is based upon time, budget, technology, business model, product model, application needs and user behaviour.