How can I disable session state in ASP.NET MVC?

Asked 19/5, 2009 at 20:28 Answered 2/5, 2020 at 22:35

Solved asp.net-mvc session-state tempdata

I would like to have a very lightweight ASP.NET MVC site which includes removing as many of the usual HttpModules as possible and disabling session state. However when I try to do this, I get the following error:

The SessionStateTempDataProvider requires SessionState to be enabled.

I've disabled session state in web.config:

<sessionState mode="Off" />

I understand that ASP.NET MVC uses session state for TempData, but I don't need/want TempData - I just want to disable session state. Help!

Catfish answered 19/5, 2009 at 20:28 Comment(4)

Nice idea - I'd be interested to hear if you encountered any other issues with this and how lightweight you were able to get in the end. – Outworn 28/8, 2009 at 12:0

I didn't do much more experimenting after I implemented Steve's changes, but there was still a fair amount of overhead. The fastest I've been able to get ASP.NET going has been with straight IHttpHandler implementations. See my answer here for more info: #510478 – Catfish 28/8, 2009 at 15:1

This is fixed in MVC 2. We fixed the session state temp data provider that it won't throw unless you actually try to read/write the temp data. – Sororate 28/8, 2009 at 16:40

Brad: Excellent, good to know! – Catfish 28/8, 2009 at 17:9

You could make your own ControllerFactory and DummyTempDataProvider. Something like this:

public class NoSessionControllerFactory : DefaultControllerFactory
{
  protected override IController GetControllerInstance(Type controllerType)
  {
    var controller = base.GetControllerInstance(controllerType);
    ((Controller) controller).TempDataProvider = new DummyTempDataProvider();
    return controller;
  }
}


public class DummyTempDataProvider : ITempDataProvider
{
  public IDictionary<string, object> LoadTempData(ControllerContext controllerContext)
  {
    return new Dictionary<string, object>();
  }

  public void SaveTempData(ControllerContext controllerContext, IDictionary<string, object> values)
  {
  }
}

And then you would just need to register the controller factory on app startup - e.g. you could do this in global.asax:

ControllerBuilder.Current.SetControllerFactory(new NoSessionControllerFactory());

Safeconduct answered 19/5, 2009 at 20:40 Comment(9)

Thanks... still not ideal (to me at least), but still better than doing it on each controller. – Catfish 19/5, 2009 at 20:54

Sorry, that sounded really ungrateful... didn't mean it to be :D – Catfish 19/5, 2009 at 20:56

hehe, no problem :) I understand it could seem like more code than you'd ideally want for what seems like it should be a configurable thing, but one of the big strengths of ASP.NET MVC is this type of configuration through providing alternative implementations via code. It gives you a lot of power to get in there and do things the way you want and overall I'd say it's really a 'good thing'. Personally I prefer typing C# code than xml anyway ;) – Safeconduct 20/5, 2009 at 8:38

Hi Steve. I just implemented your code in my proj. It works well. Thanks! Now I have Session disabled. – Dittany 21/7, 2009 at 3:1

I added one more piece to my solution in the SaveTempData method: if ( values.Count != 0 ) throw new NotImplementedException("Can not set tempdata, no session state available"); tinyurl.com/mbegfr – Niobous 28/8, 2009 at 13:24

Good idea Bill, that would avoid some hard-to-debug missing state issues I'm sure :) – Safeconduct 28/8, 2009 at 14:55

This was improved with MVC3, just add [SessionState(SessionStateBehavior.Disabled)] to your controller. – Mozell 4/8, 2011 at 16:8

Or use <sessionState mode="Off" /> to disable it globally. This is an ancient bug fixed doggie decades ago. – Scoliosis 28/5, 2014 at 22:54

@Scoliosis You're saying to do exactly what the OP says he did. But in doing so he's getting the SessionStateTempDataProvider required error. – Caralie 4/12, 2019 at 2:39

I've found one way, which I don't particularly care for:

Create NoTempDataProvider

using System;
using System.Collections.Generic;
using System.Web.Mvc;

namespace Facebook.Sites.Desktop.Auth.Models
{
    public class NoTempDataProvider : ITempDataProvider
    {
        #region [ ITempDataProvider Members ]

        public IDictionary<String, Object> LoadTempData(ControllerContext controllerContext)
        {
            return new Dictionary<String, Object>();
        }

        public void SaveTempData(ControllerContext controllerContext, IDictionary<String, Object> values) { }

        #endregion
    }
}

Manually Overwrite the Provider in the Controller

public class AuthController : Controller
{
    public AuthController()
    {
        this.TempDataProvider = new NoTempDataProvider();
    }
}

I would greatly prefer a way to do this completely via the configuration, but this works for now.

Catfish answered 19/5, 2009 at 20:37 Comment(2)

Yes, your way is similar to the way I outlined in my answer - although you don't have to manually override the TempDataProvider in each controller if you provide a custom ControllerFactory to handle it for you. – Safeconduct 19/5, 2009 at 20:43

You can also create a base Controller class, and configure the TempDataProvider in it's constructor. – Psych 28/8, 2009 at 15:39

If you need to use TempData for simple strings, you can use the CookieTempDataProvider in MvcFutures http://aspnet.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=24471.

Worrell answered 28/8, 2009 at 15:40 Comment(0)

According to Brad Wilson, this has been fixed in MVC 2 Preview 1. See here and here.

Mehetabel answered 28/8, 2009 at 23:44 Comment(0)

Modern solution:

In ASP.NET, if you do not use the Session object to store any data or if any of the Session events (Session_OnStart or Session_OnEnd) is handled, session state is disabled.

So not using Session (or TempData), disables Session State.

Source

Unpolled answered 2/5, 2020 at 22:35 Comment(0)

Recommended topics

Hot tags