About ISP Session

Some sample code

You should not modify too much to get the Session working. That's our target.

The problem we try to solve

The challenge to manage a user session state or have a performant Application Cache, server side, on different processes, web servers or web farms that serve the same website!

Company Info

ADC Cure provides 3 framework specific solutions, components, that developers can incorporate in the classic ASP pages, ASP.NET website or ASP.NET Core site, that can share the same Session variables (some limitations apply).
Some customers have used this solution for already over more than 10 years.
We provide syntax compatibility for developers, so they can quickly deploy ISP Session.
Companies don't have to spend lots of money to rewrite old technology when just e.g. maintaining the session would be a blocking factor to mix old and new pages/technology.

A little about ISP Session

In the year, 2001, I was in a project, that required (a third party) enterprise -Session state- solution, written using C++, for a commercial bank. Since this code was lacking, and not easy in usage, so I decided to write such a component myself, using VB 6 and this used ADODB to a SQL database. Funny was, that one of the first customers, more than 10 years later, asked for an upgrade .
The component allowed virtually the same syntax for Session state, as the classic ASP built in Session offered.
In 2005, this component was rewritten as a COM+ C++ component (called 'managed components', in those days), which utilized OLE DB templates.
As of Windows 2008 SP2, around 2011, the C++ component was converted back to a 'plain COM-object', which offered more compatibility and stability.
In 2014, a 'native' ASP.NET state provider, was build, which used the same persistance logic, as in C++.
However, since noSQL solutions offer incredible scalability improvements over SQL for this type of data, this provider, was adapted in 2015 to use Redis.
In November 2016, the state provider, was converted to a ASP.NET HttpModule, and AspNetCore Middleware was added, and published on Nuget.
And finally, the COM version, for Classic ASP, was adapted to use Redis as well. The C++ code has been greatly reviewed and revised, to use C++ STL, a library that one cannot beat so easily with custom code.

Running Redis Server on Windows or Linux

I've met customers, who still prefer a 'Windows only' environment. I'm not going to argue about the pros and cons, but to meet those customers's wishes, Microsoft has ported Redis server up to 3.0 which is available on Github. After the porting being archived, Tomasz Poradowski took over the maintenance of the source, and thus we have Redis 4.0.2, to our availability for download for you. Installation is quite simple.
However, Microsoft now supports running Linux binaries (even as a deamon) on Bash on Windows for Ubuntu (this is the reason that MS no longer maintains the port for Redis on Windows).
We strongly advise you, to run and configure that, or even better, if you have a Linux box running, to setup and use Redis server on that.Since the ported code has a lesser history of being stable than the branch, which is commonly ran on Linux.

Running Redis Server, a native Linux binary on Windows and Bash

The supported configuration of Redis

Redis server is very flexible and advanced in mode of operation. There are master/slaves combinations, and encryption variants, not yet tested with ISP Session/Cache.
Up to now, a master deployment with or without a password or a specific database, can be specified in the connection string.
Since our performance tests show, that Redis hardly can be stressed by ISP Session/Cache, it seems to be sufficient to run a single instance of Redis to support our products.
If you have a situation where that is not the case, we would be happy to expand the possibilities.


How ISP Cache works

ISP Cache is highly optimized to reduce the number of TCP (relatively expensive) roundtrips to Redis server, thus greatly improving scalability of your web site
ISP Cache, maintains a list of keys for an application (configurable unique for a site). At page initialization, the keys are feteched in a single fetch, since Redis supports this.
At the time the page goes out of scope (PageOnEnd e.g.), only the variables that have modified or are removed are serialized back to Redis, again, using a single operation. If nothing has changed, obviously, this will not cause a write-back to Redis
The Classic ISP Cache component, is a COM component, written using C++ 11 and ATL libraries, thus using the best technology available for Classic ASP.

Plugin types

  • In classic ASP,
    an #include file loads and activates ISP Cache. The include file can be the same file as the the one which is used for initialization of ISP Session.
  • classic ASP.NET
    After loading the product using nuget.org (Visual Studio 2013 has a console for this), the web.Config is set to load a Http Module, which loads ISP Cache for ASP.NET.
  • ASP.NET Core.
    After loading the product using nuget.org, project.json is modified, to load an extra dependency. The ISP Cache dependency must be configured at 'Startup' using extensions on IApplicationBuilder.
  • ISP Cache. Since global cache uses a different concept than Session state, caching utilises a minimal roundtrip approach. If one global cached variable changes, only one transaction is comitted on Redis, if e.g. 2 variables are changed, they are stored using the same transaction. This is feasable using the Redis 'KEYSET' feature..


If you plan to hit a single variable or array for your solution, being highly synchronized, e.g. for a chatting solution, we do not yet advise this product. Optimistic Locking and protecting variables is done by Redis itself, so no variable read/write should experience any web-lock or corruption, however, a pessimistic locking schema has not yet been implemented in this version of ISP Cache 8.2. The next release will support the Redlock alghorithm

How ISP Session State works

Basically, all three runtimes run on the same principle, at loading the serverside page, it uses a http cookie as a session token/key. The key is used to fetch a Blob, per session from Redis. The Blob is unpacked/deserialized into a dictionary and given to the ASP.NET runtime. The reverse happens when the ASP runtime unloads the page.

Plugin Types
  • In classic ASP,
    an #include file loads and activates ISP session. The Built In Session state managed by IIS, must be disabled by using a page directive or by IIS management using the classic ASP Application Settings.
    The library is available through nuget.org, the web.Config is modified to load a Http Module, which replaces the Microsoft Session State manager.
  • ASP.NET Core.
    After loading the product using nuget.org, project.json is modified, to load an extra dependency. The dependency must be configured at 'Startup' using extensions on IApplicationBuilder. To get the same Session object within MVC/forms a base class must have a Session property to expose the Session object to other developers.

ISP Session (de)serialises using a binary pattern. For this reason, serialisation hardly has any impact on your web server process.
The starting point of the binary pattern is, that it tries to store the variables as compact as possible.
COM objects are converted first, to a byte array, only if the object support the IStream interface.
Since .NET allows interop with COM, it is theoretically possible to share the object at .NET side as well, if it was 'generated' at classic ASP. However, persisting objects, into the session, is considered a bad practise today. It is more preferable to store the data itself, not the Object.
But since many old-school, classic ASP projects, do persist ADODB.Recordsets, the feature is supported still.

Sample code


  • In classic ASP,
    <!--#include file="ispsession.asp"-->
    <!DOCTYPE html>
    <% Session("CountRefresh") = Session("CountRefresh") + 1% >
    <span>The Counter is:<span>
    <span><% =("CountRefresh")%></span>
  • classic ASP.NET
    Note: This is ASP.NET forms syntax. MVC is supported as well
    public partial class _Default : Page
    protected override void
    OnLoad(EventArgs e)
    Session["CountRefresh"] = (int)(Session["CountRefresh"] ?? 0) + 1;
    Session["Blah"] = "Hello";
  • ASP.NET Core.
    using System;
    using Microsoft.AspNetCore.Mvc;
    using ispsession.io;
    namespace WebApplication11.Controllers
        public class HomeController : Controller
            // a helper method is required, implement this e.g. in a BaseController class
            protected IISPSession Session
                    var feature = (ISPSessionFeature)HttpContext.Features[typeof(ISPSessionFeature)];
                    return feature.Session;
            public IActionResult Index()
                Session["CountRefresh"] = (int)(Session["CountRefresh"] ?? 0) + 1;
                Session["Blah"] = "Hello";
                //Yes, the peculiar AspNetCore syntax works as well
                HttpContext.Session.Set("mykey", BitConverter.GetBytes(123));
                //get it using our broker
                byte[] meykey = (byte[])Session["mykey"];
                return View();