Transcript CIS 451: ASP Applications, Sessions and Cookies

CIS 451:
ASP Sessions and Applications
Dr. Ralph D. Westfall
January, 2009
State Handling


http server only processes requests for
web pages, images, etc.
this is a "stateless" connection


server sends page, etc. and writes some
tracking data to a log file
but does NOT store any information in its
memory about the request
State Handling - 2

ASP.NET can store some information in
memory in relation to web site visitors,
which can be used to:



make frequently used/updated information
available to several/all pages in site
store information about a page so it will be
available when page is loaded again
pass information between pages
Definitions

Application: group of web pages
working together for a common
purpose



often in same directory or its subdirectories
Session: a client accessing an
application
Cookie: data stored by the application
on a client's computer
Session State



session starts when a user accesses a page
ends after a time period, or when closed by
ASP code
data can be stored in "session variables"



stored in Session Contents collection
available until session ends, then lost
user's browser must accept cookies

without cookies, can't use session variables
Accessing Contents Collection


session contents "indexed" by "keys"
writing to Session contents:
Session("intCount") = intCount

reading from Session contents:
intNumber = Session("intCount")

variable name before = does NOT have to
match names of keys when reading or writing

using same names can help in maintenance
Session Object Properties


SessionID: unique identifier for session
Timeout : when session ends if no activity
(default often is 20 minutes)
Session.Timeout = 30 'ends 30 minutes

international settings (currency)


CodePage (sets character alphabet)
LCID (locale ID values set time zone and other
location information, but only if installed on
server)
Session Object Methods

Abandon: ends session before it times
out
Session.Abandon()

removing Session contents data
Session.Clear()
Problem with Session
Variables

user's browser must accept cookies


without cookies, can't use session variables
alternative: userID and password



requires customer to establish an account
data stored in database on server
requires writing extra HTML code into each
page (hidden form fields) to identify the
user who is requesting another page
Application State



includes variables that can be available
to all pages in the "application"
variables can be set/changed from a
web page via authorized inputs
can also be stored in a Global.asax file

value loads into memory every time server
is turned on (but changing a value(s) in
memory does NOT update this file)
An Application



includes all files in a virtual directory ("root"),
and in its subdirectories
starts when first client opens any of files
can have many sessions (users) accessing it
at the same time (simultaneously)

number of sessions limited only by available
memory of server
An Application - 2

continues until server shuts down


usually means something went wrong
also ends when application is
"unloaded" from server

can use Microsoft Management Console to
unload
Application State Items


are stored data useable in all sessions
stored in Application Contents collection

"initialized" in Global.asax file (can view in
Visual Studio) in application's root directory
Sub Application_Start(ByVal sender _
As Object, ByVal e As EventArgs)
Application("dblPrice1") = 1.50
Application("dblPrice2") = 2.75
End Sub
Accessing Application State
Items

reading is like reading Session variables
dblPrice(1)= Application("dblPrice1")

writing requires "concurrency control"
Application.Lock()
Application("hits") += 1
Application.Unlock()


lock so other users can't access until done
writing overrides values in Global.asax file

does NOT change contents of Global.asax
Global.asax and Web.config


Global.asax: settings that won't change
use Web.config file for anything that
could change instead of Global.asax


can store objects as well as variables e.g.,
connection string
if either file has a lot of items, check
code to avoid duplications in other files