In-proc and Out-proc session

In-proc session state

An in-process server, also known as InProc, operates within the same process as the calling application. It closely resembles a standard function call on a dynamic-link library (DLL). InProc session mode stores session data in memory on the web server, necessitating the use of a "sticky-server" configuration or disabling load-balancing to ensure that users are consistently redirected to the same web server.

When using InProc session mode, the session state is stored locally within the AppDomain of the web application. Consequently, the session state is lost when the Internet Information Services (IIS) restarts. InProc session mode is suitable for small, highly stable websites, and may even be considered the preferred option. One advantage of InProc is its ability to store any memory object in the session. However, it's important to be cautious when storing large objects as it can lead to potential issues.

Outproc session state

StateServer mode, also known as OutProc, involves storing session state in a separate process called the ASP.NET state service. This approach ensures that the session state is retained even if the web application is restarted and allows for session state to be accessible across multiple web servers in a web farm. However, when calling an OutProc server, data must be marshalled across the process boundary, which can be an expensive operation.

OutProc session mode is primarily utilized in scenarios where the application is deployed in a web farm or web garden environment. It is particularly useful in situations where issues may arise, such as modifying the web.config file or the bin folder during runtime or when the IIS server restarts. One significant advantage of StateServer mode is that it safeguards against data loss even if the application crashes.