Walkthrough: Configuring a private session state database using the SQL provider

Current version: 9.1

In private session state, the session state database collects and saves all data related to a specific interaction, such as viewed pages, converted goals, triggered campaigns, or accumulated engagement points.

You can use the Sitecore ASP.NET Session State Provider for SQL Server to configure a SQL Server database as your private session state store.

The SQL Server provider supports the session-end event that the xDB requires to track website visits.


Content Management (CM) servers do not support using an external session state database. On CM servers you can only use in-process session state.

This walkthrough outlines how to deploy a SQL Server session database, optimize SQL Server performance, configure Sitecore, and adjust private session state settings.

Deploy a SQL Server session database


You can store shared and private session state information in the same database. The database is able to distinguish between the types of session.

To deploy the SQL Server session database:

  1. Start Microsoft SQL Server Management Studio 2016 or later.

  2. Connect to the server node that you want to install the Session database on.

  3. Expand the server node, right-click Databases, and then click Deploy Data-tier Application.

  4. In the Deploy Data-tier Application wizard, on the Select Package page, click Browse.

  5. Select the Sitecore.Sessions.dacpac file and click Next.


    You can find the file in the Databases folder in the root of the Sitecore archive.

  6. In the Update Configuration step, specify the name of the database, click Next and, after validating summary information, click Next. When the deploy is completed, the session database appears in your list of attached databases.

  7. Add the following connection string to the ConnectionStrings.config file:

        connectionString="User ID=<SQL server username>;password=<user password>;Data Source=<SQL server>;Database=<session database name>"
  8. The connection string user must be allowed to execute stored procedures on the session database. No other privileges are necessary. A system administrator can grant this privilege with these SQL statements:

    USE <session database name>;
    GRANT EXECUTE TO <SQL server username>;

Configure Sitecore

To configure Sitecore to use the private session state provider for SQL Server:

  1. In your site root folder, open the web.config file and locate the sessionState line:

     <sessionState mode="InProc" cookieless="false" timeout="20" 

    Change this line to:

    <sessionState mode="Custom"
        customProvider="mssql" cookieless="false"
  2. Update the sessionState section by adding the SQL Server provider as shown in the following example. Change the name attribute value to mssql:

    <sessionState mode="Custom" customProvider="mssql" cookieless="false" timeout="20">
        <add name="mssql" 

Adjust private session state settings

To adjust the private session state settings:

  • In the web.config file, edit the following configuration options:





Specifies the connection string that Sitecore uses to connect to the session database.

Edit to specify the session state database that you want to use. In the xDB, this database is called session.

For example:



Specifies the time interval in seconds that the session-state provider uses to check if any sessions have expired.

For example:



Specifies that you want session-state data to be compressed.

The default value is  true. Compressing session state data reduces the amount of data that you must transfer between the database and the Sitecore instance. This can cause some additional CPU overhead.

For example:



Specifies that the type of session state is private.

Only valid value:


Do you have some feedback for us?

If you have suggestions for improving this article,