Configure Sessions in .net core

By: Chris Dunn

With .net core, if you want to use functionality you will, in most cases, need to explicitly configure it yourself via middle ware.  This is actually a good thing.  It keeps your code and dependencies clean.  So if we want to utilize sessions in our application, we'll need to configure the middle ware.

Configuring Sessions

Even though you need to configure it yourself, it's not hard by any means. I'll explain the process and then show the code.  First you will need to add the following code in the ConfigureServices method of the Startup class in your project. We need to include a MemoryCache to store our sessions. Two options you have are Distributed Memory Cache and Distributed SQL Server Cache.

DistributedMemoryCache is good for development and a simple server structure. Distributed SQL works better for more complex environments. In the code below we are using both, one for development and then SQL for production.

The last command is to AddSession(...) to the services. The IdleTimeout option sets the how long the sessions will stay active if there is no activity from the user. Basically requests that are processed by the .net core middleware will reset the Idle Timeout and keep the session active.  I suggest you store your session settings in the appSettings.json file for easier maintenance.

public void ConfigureServices(IServiceCollection services)
{
...

   if (Environment.IsDevelopment())
    {
        services.AddDistributedMemoryCache();
    }
    else
    {
        services.AddDistributedSqlServerCache(options =>
        {
            options.ConnectionString = 
                appSettings.SqlCacheConn;
            options.SchemaName = "dbo";
            options.TableName = "TestCache";
        });

        services.AddSession(options =>
            {
                options.IdleTimeout = TimeSpan.FromSeconds(appSettings.SessionTimeout);
                options.Cookie.HttpOnly = true;
                
            });
...
}

Lastly, to configure sessions we need to add the UseSession() command to the Configure method in Startup. This command needs to be placed before UseMVC() or an exception will be thrown.

public void Configure(IApplicationBuilder app)
{
    app.UseSession();

}

Working with Sessions

Now that sessions are configured, using them is not that complicated. The HttpContext object contains the Session values and is available to your controllers. Nothing you need to inject. In order to use the following extension methods though, you will need to import the following namespace.

using Microsoft.AspNetCore.Http;

Now to get and set session values simply use the GetString, SetString, GetIn32 and SetInt32 extension methods.

    var stringvalue = HttpContext.Session.GetString("stringvalue");
    HttpContext.Session.SetString("stringvalue", stringvalue);

    var intvalue = HttpContext.Session.GetInt32("intvalue");
    HttpContext.Session.SetInt32("intvalue", intvalue.Value);

If you want to store an complex object in session you need to make sure it's serializable and convert to JSON. I'll save that for another post.