[MS-ASP]:
ASP.NET State Server Protocol
Intellectual Property Rights Notice for Open Specifications Documentation
§ Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions.
§ Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation.
§ No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
§ Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise or the Microsoft Community Promise. If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting .
§ Trademarks. The names of companies and products contained in this documentation might be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit www.microsoft.com/trademarks.
§ Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events that are depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.
Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than as specifically described above, whether by implication, estoppel, or otherwise.
Tools. The Open Specifications documentation does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments, you are free to take advantage of them. Certain Open Specifications documents are intended for use in conjunction with publicly available standards specifications and network programming art and, as such, assume that the reader either is familiar with the aforementioned material or has immediate access to it.
Revision Summary
Date / Revision History / Revision Class / Comments /12/18/2006 / 0.1 / New / Version 0.1 release
3/2/2007 / 1.0 / Major / Version 1.0 release
4/3/2007 / 1.1 / Minor / Version 1.1 release
5/11/2007 / 1.2 / Minor / Version 1.2 release
6/1/2007 / 1.2.1 / Editorial / Changed language and formatting in the technical content.
7/3/2007 / 1.2.2 / Editorial / Changed language and formatting in the technical content.
7/20/2007 / 1.2.3 / Editorial / Changed language and formatting in the technical content.
8/10/2007 / 1.2.4 / Editorial / Changed language and formatting in the technical content.
9/28/2007 / 2.0 / Major / Updated and revised the technical content.
10/23/2007 / 2.0.1 / Editorial / Changed language and formatting in the technical content.
11/30/2007 / 2.0.2 / Editorial / Changed language and formatting in the technical content.
1/25/2008 / 3.0 / Major / Updated and revised the technical content.
3/14/2008 / 4.0 / Major / Updated and revised the technical content.
5/16/2008 / 4.0.1 / Editorial / Changed language and formatting in the technical content.
6/20/2008 / 4.1 / Minor / Clarified the meaning of the technical content.
7/25/2008 / 4.1.1 / Editorial / Changed language and formatting in the technical content.
8/29/2008 / 4.1.2 / Editorial / Changed language and formatting in the technical content.
10/24/2008 / 5.0 / Major / Updated and revised the technical content.
12/5/2008 / 5.0.1 / Editorial / Changed language and formatting in the technical content.
1/16/2009 / 5.0.2 / Editorial / Changed language and formatting in the technical content.
2/27/2009 / 5.0.3 / Editorial / Changed language and formatting in the technical content.
4/10/2009 / 5.0.4 / Editorial / Changed language and formatting in the technical content.
5/22/2009 / 5.0.5 / Editorial / Changed language and formatting in the technical content.
7/2/2009 / 6.0 / Major / Updated and revised the technical content.
8/14/2009 / 6.0.1 / Editorial / Changed language and formatting in the technical content.
9/25/2009 / 6.1 / Minor / Clarified the meaning of the technical content.
11/6/2009 / 7.0 / Major / Updated and revised the technical content.
12/18/2009 / 7.0.1 / Editorial / Changed language and formatting in the technical content.
1/29/2010 / 7.1 / Minor / Clarified the meaning of the technical content.
3/12/2010 / 7.1.1 / Editorial / Changed language and formatting in the technical content.
4/23/2010 / 7.1.2 / Editorial / Changed language and formatting in the technical content.
6/4/2010 / 7.1.3 / Editorial / Changed language and formatting in the technical content.
7/16/2010 / 8.0 / Major / Updated and revised the technical content.
8/27/2010 / 8.0 / None / No changes to the meaning, language, or formatting of the technical content.
10/8/2010 / 8.0 / None / No changes to the meaning, language, or formatting of the technical content.
11/19/2010 / 8.0 / None / No changes to the meaning, language, or formatting of the technical content.
1/7/2011 / 8.0 / None / No changes to the meaning, language, or formatting of the technical content.
2/11/2011 / 8.0 / None / No changes to the meaning, language, or formatting of the technical content.
3/25/2011 / 8.0 / None / No changes to the meaning, language, or formatting of the technical content.
5/6/2011 / 8.0 / None / No changes to the meaning, language, or formatting of the technical content.
6/17/2011 / 8.1 / Minor / Clarified the meaning of the technical content.
9/23/2011 / 8.1 / None / No changes to the meaning, language, or formatting of the technical content.
12/16/2011 / 9.0 / Major / Updated and revised the technical content.
3/30/2012 / 9.0 / None / No changes to the meaning, language, or formatting of the technical content.
7/12/2012 / 9.0 / None / No changes to the meaning, language, or formatting of the technical content.
10/25/2012 / 9.0 / None / No changes to the meaning, language, or formatting of the technical content.
1/31/2013 / 9.0 / None / No changes to the meaning, language, or formatting of the technical content.
8/8/2013 / 9.0 / None / No changes to the meaning, language, or formatting of the technical content.
11/14/2013 / 9.0 / None / No changes to the meaning, language, or formatting of the technical content.
2/13/2014 / 9.0 / None / No changes to the meaning, language, or formatting of the technical content.
5/15/2014 / 9.0 / None / No changes to the meaning, language, or formatting of the technical content.
6/30/2015 / 10.0 / Major / Significantly changed the technical content.
10/16/2015 / 10.0 / None / No changes to the meaning, language, or formatting of the technical content.
7/14/2016 / 10.0 / None / No changes to the meaning, language, or formatting of the technical content.
3/16/2017 / 11.0 / Major / Significantly changed the technical content.
Table of Contents
1 Introduction 7
1.1 Glossary 7
1.2 References 7
1.2.1 Normative References 8
1.2.2 Informative References 8
1.3 Overview 8
1.4 Relationship to Other Protocols 9
1.5 Prerequisites/Preconditions 9
1.6 Applicability Statement 9
1.7 Versioning and Capability Negotiation 9
1.8 Vendor-Extensible Fields 9
1.9 Standards Assignments 9
2 Messages 10
2.1 Transport 10
2.2 Message Syntax 10
2.2.1 Common Definitions 10
2.2.1.1 Digit 10
2.2.1.2 Octet 10
2.2.1.3 Carriage Return Line Feed 10
2.2.1.4 Space 10
2.2.1.5 Delimiter 10
2.2.1.6 Stringtext 11
2.2.2 Common HTTP Headers and Fields 11
2.2.2.1 HTTP Version 11
2.2.2.2 Host Header 11
2.2.2.3 Content Length 11
2.2.2.4 Content 11
2.2.3 State Server Headers and Fields 11
2.2.3.1 Application Identifier 11
2.2.3.2 Application Domain Identifier 11
2.2.3.3 Session Identifier 12
2.2.3.4 ASP.NET Version 12
2.2.3.5 Timeout 12
2.2.3.6 Exclusive Lock Acquire 12
2.2.3.7 Exclusive Lock Release 12
2.2.3.8 Lock Date 13
2.2.3.9 Lock Cookie 13
2.2.3.10 Lock Age 13
2.2.3.11 Extra Flags 13
2.2.3.12 Action Flags 14
2.2.3.13 Unique identifier 14
2.2.4 Response Status Codes 14
2.2.4.1 Response Status Code - OK 14
2.2.4.2 Response Status Code - Bad Request 14
2.2.4.3 Response Status Code - Not Found 14
2.2.4.4 Response Status Code - Locked 15
2.2.5 Messages 15
2.2.5.1 Get_Request 15
2.2.5.2 Get_Response 15
2.2.5.3 GetExclusive_Request 16
2.2.5.4 GetExclusive_Response 17
2.2.5.5 Set_Request 17
2.2.5.6 Set_Response 17
2.2.5.7 ReleaseExclusive_Request 18
2.2.5.8 ReleaseExclusive_Response 18
2.2.5.9 Remove_Request 19
2.2.5.10 Remove_Response 19
2.2.5.11 ResetTimeout_Request 19
2.2.5.12 ResetTimeout_Response 20
3 Protocol Details 21
3.1 Server Details 21
3.1.1 Abstract Data Model 21
3.1.2 Timers 21
3.1.3 Initialization 21
3.1.4 Higher-Layer Triggered Events 21
3.1.5 Processing Events and Sequencing Rules 21
3.1.5.1 Processing Non-Exclusive Get Requests 21
3.1.5.2 Processing Exclusive Get Requests 22
3.1.5.3 Saving Session Data with a Set Request 23
3.1.5.4 Releasing an Exclusive Session State Lock 24
3.1.5.5 Removing Session State 24
3.1.5.6 Resetting Session State Time-out 25
3.1.6 Timer Events 25
3.1.7 Other Local Events 25
3.2 Client Details 26
3.2.1 Abstract Data Model 26
3.2.2 Timers 26
3.2.3 Initialization 26
3.2.4 Higher-Layer Triggered Events 26
3.2.5 Processing Events and Sequencing Rules 26
3.2.5.1 Non-Exclusive Get Requests 26
3.2.5.2 Exclusive Get Requests 27
3.2.5.3 Saving Session Data with a Set Request 27
3.2.5.4 Releasing an Exclusive Session State Lock 27
3.2.5.5 Removing Session State 28
3.2.5.6 Resetting Session State Time-out 28
3.2.6 Timer Events 28
3.2.7 Other Local Events 28
4 Protocol Examples 29
5 Security 32
5.1 Security Considerations for Implementers 32
5.2 Index of Security Parameters 32
6 Appendix A: Product Behavior 33
7 Change Tracking 35
8 Index 36
1 Introduction
The ASP.NET State Server Protocol is a contract for transmitting session state data between a client and a state server. This protocol is used for interaction between a client application that requires persistent session state storage, and an out-of-process state server responsible for storing session state. The data that flows between the client application and a state server is transmitted using the Hypertext Transfer Protocol (HTTP).
Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.
1.1 Glossary
This document uses the following terms:
application domain: A virtual process space within which managed code applications are hosted and executed. It is possible to have multiple managed code applications running inside a single process. Each managed code application runs within its own application domain and is isolated from other applications that are running in separate application domains. An application domain has a unique identifier used as part of the identifying key on a state server when storing and retrieving session data.
ASP.NET: A web server technology for dynamically rendering HTML pages using a combination of HTML, Javascript, CSS, and server-side logic. For more information, see [ASPNET].
ASP.NET state server: A Windows service that provides a default server implementation of the ASP.NET State Server Protocol. When the service is enabled on a computer, that computer can act as a state server. The state server accepts requests to load, store, delete, and temporarily lock Session state items.
Hypertext Transfer Protocol (HTTP): An application-level protocol for distributed, collaborative, hypermedia information systems (text, graphic images, sound, video, and other multimedia files) on the World Wide Web.
session state: In ASP.NET, a variable store on a server for storing and retrieving values for a user while the user navigates ASP.NET pages in a web application. Session state is typically used to store user-specific information between postbacks. Each user maintains a separate session state on the server.
Uniform Resource Locator (URL): A string of characters in a standardized format that identifies a document or resource on the World Wide Web. The format is as specified in [RFC1738].
user session identifier: A unique identifier used as part of the identifying key when storing and retrieving session data.
web application identifier: Each ASP.NET application running on a web server is uniquely identified with a web application identifier. The web application identifier is the virtual path of the web application on the web server. A web application identifier is used as part of the identifying key on a state server when storing and retrieving session data for a specific browser session.
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.
1.2 References
Links to a document in the Microsoft Open Specifications library point to the correct section in the most recently published version of the referenced document. However, because individual documents in the library are not updated at the same time, the section numbers in the documents may not match. You can confirm the correct section numbering by checking the Errata.
1.2.1 Normative References
We conduct frequent surveys of the normative references to assure their continued availability. If you have any issue with finding a normative reference, please contact . We will assist you in finding the relevant information.
[RFC1738] Berners-Lee, T., Masinter, L., and McCahill, M., Eds., "Uniform Resource Locators (URL)", RFC 1738, December 1994, http://www.rfc-editor.org/rfc/rfc1738.txt
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, http://www.rfc-editor.org/rfc/rfc2119.txt
[RFC2396] Berners-Lee, T., Fielding, R., and Masinter, L., "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998, http://www.rfc-editor.org/rfc/rfc2396.txt