NVC.ISPSession 10.0.0

Redis Session State Library

License

This software is licensed under the LICENSE.txt. See the LICENSE file in the project root for the full license text.

Copyright (c) 2024 Nierop Computervision. All rights reserved.

Overview

The Redis Session State Library provides a robust and efficient solution for managing session state in .NET Core 6 applications and above, utilizing Redis 4 or later as the backend. Our solution leverages advanced data projection techniques to encrypt the session state, ensuring the security of your data at all times.

History

Isp Session starts right off at version 10.0 since the author published in the past Isp Session/ Asp Session for even classic asp pages which latest version was 8.2. To be seen at https://github.com/egbertn/ispsession.io Isp Session is totally being rewritten from scratch, and uses the best features possible by .NET 6.0. With that, the best practises have been applied that were learned from the previous versions.

Features

• Secure Session State Management: Encrypt session data using advanced data projection.
• High Performance: Utilize Redis 4+ for fast and reliable session state storage.
• .NET Core 6+ Support: Designed specifically for .NET Core 6 applications, ensuring compatibility and performance.
• Privacy First: No telemetry or external server connections. All customer data remains private.

Getting Started

Clone our demo from GitHub

git clone https://github.com/egbertn/ispsession.core

If Redis already has started on your local system, with all defaults, IspSession should be able to connect to it. If not, e.g. it requires a password or other setting, open appsettings.Development.json and find and edit the connection string. e.g.

"ConnectionStrings": { "IspSession": "localhost:6379,ssl=False,defaultDatabase=3" }, Start the site in debugging mode. Note from the console which port has been chosen to run the site e.g.

info: Microsoft.Hosting.Lifetime[14] Now listening on: https://127.0.0.1:7058
info: Microsoft.Hosting.Lifetime[14] Now listening on: http://127.0.0.1:5045

from the console, you can use curl e.g.

curl https://localhost:7058/counterwithapp

The result should be something like:

{
  "sessionCounter": 1,
  "isNewSession": true,
  "isExpiredSession": true,
  "sessionId": "39ecbd08-662e-4123-95e8-fc559446c73d",
  "appCounter": 2
}

Note that if you use a browser such as firefox, a cookie should be set and returned and at refreshing the url, the sessionCounter and appCounter both increment.

Other thing to keep in mind, Isp Session allows unlimited testing/developing and staging, as long as the remote IP is from a private network. As soon as proxies and or deployment is performed it may start requiring a license.

Prerequisites

• .NET Core 6.0 or later
• Redis 4.0 or later

Installation

To install the Redis Session State Library, use the following NuGet command:

dotnet add package NVC.ISPSession

Licensing / purchasing ISP Session

• Licensing needs to be done on a yearly basis You acquire licenses for external websites which are non 'loopback' As soon as ISP Session sees an external IP address or hostname it will check/verify the license
• Development thus should work without license
• Licensing can be bought out using a good amount
• Source can be requested if a legal NDA is being signed with us
• If you want to modify your license during the year you can do so using our website

How ISPSession works internally

• ISP Session in general ...

  • Handles numeric endianness
  • Uses the least possible impact on the .NET memory heap
  • Supports built-in ASP.NET Core DataProtection feature which you can turn of by configuration if you have your own data protection configuration. DataProtect is applied only to values, not to keys
  • Encrypts keys to Redis using reversible encryption AES
  • stores complex types which are stored using JSON utf-8 strings while simple data types are stored binary.
  • Optimistic concurrency strategy is being used to make sure that older data does not overwrite newer.
  • At the end of the scope will only write data if session state has changed. If nothing changed only the session key will get a new TTL (time to live) value.
  • No integration or compatibility with the asp.net core integration Session state
  • No compatibility with ASPSession / ISPSession (Core) released in 2016

• SessionState

  • All session variables are stored as one blob in a key value combination.
  • Session state can be compressed. If set, it will only do so when more than 1K of data needs to be written
  • A Session as a whole can be set to expire at a alternate time

• ApplicationState

  • Will only be activated if configured so in Program.cs Is stored as a key-set. So if one application variable is modified the others are not rewritten
  • Does not support compression (yet)
  • Individual variables can be set to expire and an event can be set to retrieve when the specified key has been expired and removed from the set. Note that redis needs to be configured to allow this feature to work, see redis.conf and the "notify-keyspace-events Ex" setting needs to be un-commented or set