Provides scalable session state and application state management using Redis, designed for distributed ASP.NET Core backends. Supports BFF, OpenID Connect, and high-performance scenarios without relying on in-memory session state.
Redis backed Session State and Application State Library
Thank you for your support. I am sure you will love ISP Session.
License
This software is licensed under the terms found in the LICENSE.txt file located in the project root. Please refer to the LICENSE file for the full text of the license.
https://buymeacoffee.com/egbert
Isp Session provides a mechanism, utilizing cookies, headers, or even IP addresses**, to maintain state affinity in your REST API or ASP.NET 8+ driven website. It facilitates application-level caching by combining Application State and Session State, which can be utilized together or independently.
Benefits using ISP Session vs directly calling Redis.
Bundle GET/SETs/DEL(ete) using Asp.Net Scope
Using automatic state compression
Lightweight mechanism
Application Key Expiration event(s)
Increased Session Security by encryption
** We adhere to privacy laws by implementing obfuscation for IP addresses when this feature is utilized.
Overview
The Redis Session State Library offers a robust and efficient solution for session state management in .NET 8 applications, leveraging Redis 4 or later as the backend. Our solution employs advanced data projection techniques for encrypting the session state, securing your data at all times.
History
Isp Session debuts at version 10.0, following the author's previous releases of Isp Session/Asp Session for classic ASP pages, which reached version 8.2. Available at https://github.com/egbertn/ispsession.io, Isp Session has been completely rewritten from scratch to leverage the best features of .NET 8.0, incorporating best practices learned from previous versions.
Features
Secure Session State Management: Encrypts session data using advanced data projection techniques.
High Performance: Utilizes Redis 4+ for fast and reliable session state storage.
NET 8+ Support: Specifically designed for .NET 8 or higher applications to ensure compatibility and optimal performance.
Privacy First Approach: Operates without telemetry or external server connections, keeping all customer data private.
If Redis is already running on your system with default settings, IspSession should connect seamlessly. Otherwise, for custom settings like a required password, modify the connection string in appsettings.Development.json. For example:
Start the site in debugging mode and note the chosen port from the console output, e.g.:
info: Microsoft.Hosting.Lifetime[14] Now listening on: https://127.0.0.1:7058
info: Microsoft.Hosting.Lifetime[14] Now listening on: http://127.0.0.1:5045
Using a browser like Firefox should set and return a cookie, and refreshing the URL should increment both the sessionCounter and appCounter.
Note: Isp Session supports unlimited testing, development, and staging as long as the remote IP originates from a private network. License requirements are enforced upon deployment or when proxies are detected.
Redis configuration. If you want expiration notifications which ISP Session supports, you should modify redis.conf
to have this line (at least including Ex)
notify-keyspace-events Ex
ISP Session attempts to set this configuration dynamically, which is not permanent, but it is preferable to modify redis.conf (permanently) since restrictions may be applied to software using Redis (such as ISP Session).
Prerequisites
.NET 8.0 or later
Redis 4.0 or later
Installation
To install the Redis Session State Library, execute the following NuGet command:
dotnet add package NCV.ISPSession
Licensing / purchasing ISP Session
Use of ISP Session is free, but to buy a big cup of coffee for me would be appreciated
How ISPSession works internally
ISP Session optimizes performance through techniques like handling numeric endianness, minimal .NET memory heap impact, AES encryption for Redis keys, and efficient storage for complex and simple data types. It employs an optimistic concurrency strategy to prevent data overwrites and writes session state changes only when necessary, ensuring efficient data management and security.
SessionState
Manages session variables as a single blob, supporting optional compression for large data sets.
ApplicationState:
Activated via configuration, storing variables individually to optimize performance and support variable-specific expiration events.