Transcript on ASP.NET
Session 10:
Managing State
Overview
State Management
Types of State Management
Server-Side State Management
Client-Side State Management
The Global.asax File
Application and Session Variables
Initializing and Using Application and Session Variables
Application and Session Variable Duration
Cookies and Cookieless Sessions
What is State Management?
Without State
Management
With State
Management
Login.aspx
Login.aspx
Please enter your
logon information:
First Name
Please enter your logon
information:
First Name
John
Last Name
John
Last Name
Chen
Chen
Submit
Greetings.aspx
Hello
I forget who you
are!!
Web Server
Submit
Greetings.aspx
Hello John Chen
Web Server
Types of State Management
Server-Side State
Management
Application state
Information is available to all
users of a Web application
Session state
Information is available only to a
user of a specific session
Database
In some cases, use database
support to maintain state on your
Web site
Client-Side State
Management
Cookies
Text file stores information to
maintain state
The ViewState property
Retains values between multiple
requests for the same page
Query strings
Information appended to the end of
a URL
Server-Side State Management
Application state is a global storage mechanism
accessible from all pages in the Web application
Session state is limited to the current browser session
Values are preserved through the use of application
and session variables
Scalability
ASP.NET session is identified by the SessionID string
Web Server
Client Computer
Application and Session variables
SessionID
Client-Side State Management
Uses cookies to maintain state
Persistent cookies
Temporary/ Non-persistent cookies
Less reliable than server-side state management options
User can delete cookies
Less secure than server-side state management options
Limited amount of information
Client-side restrictions on file sizes
Client Computer
Cookies
Web Server
The Global.asax File
Only one Global.asax file per Web application
Stored in the virtual root of the Web application
Used to handle application and session events
The Global.asax file is optional
The Global.asax File (continued)
Client
Request
Response
ASP.NET Web Server
IIS
ASP.NET HTTP Runtime
Application_BeginRequest
Application_AuthenticateRequest
Application_AuthorizeRequest
Application_EndRequest
Application_ResolveRequestCache
Application_UpdateRequestCache
Application_AquireRequestState
Application_ReleaseRequestState
Application_PreRequestHandlerExecute
Application_PostRequestHandlerExecute
Page execution
Initializing Application and Session Variables
Variables are initialized in Global.asax
The Application object shares information among all
users of a Web application
Sub Application_Start(s As Object,e As EventArgs)
Application("NumberofVisitors") = 0
End Sub
The Session object stores information for a particular
user session
Using Application and Session Variables
Set session and application variables
Session("BackColor") = "blue"
Application.Lock()
Application("NumberOfVisitors") += 1
Application.UnLock()
Read session and application variables
strBgColor = Session("BackColor")
lblNbVisitor.Text = Application("NumberOfVisitors")
Application and Session Variable Duration
Session variables have a set duration after last access
Default is 20 minutes
Session duration can be changed in Web.config:
<configuration>
<system.web>
<sessionState timeout="10" />
</system.web>
</configuration>
Application variables persist until the Application_End
event is fired
Creating and Reading Session Cookies
You can create and read session cookies by using the Cookies
Property of the Response Object and Request Class.
Creating a Cookie
Dim objCookie As New HttpCookie(“myCookie”, “Hello!”)
Response.Cookies.Add(objCookie)
Reading a Cookie
Response.Write(Request.Cookies(“myCookie”).Value)
Creating and Reading Persistent Cookies
A persistent cookie is similar to a session cookie except that a
persistent cookie has a defined expiration date
The code below can be used to create a persistent cookie
Dim objCookie As New HttpCookie(“myCookie”, “Hello”)
objCookie.Expires = #12/25/2007#
Response.Cookies.Add(objCookie)
To create a persistent
cookie, specify the
expiration time
Persistent cookies can be read in the same way as you would a
session cookie
Response.Write(Request.Cookies(“myCookie”).Value)
Retrieving Information from a Cookie
Read the cookie
Dim objCookie As HttpCookie = Request.Cookies("myCookie")
Retrieve values from the cookie
lblTime.Text = objCookie.Values("Time")
lblTime.ForeColor = System.Drawing.Color.FromName _
(objCookie.Values("ForeColor"))
lblTime.BackColor = System.Drawing.Color.FromName _
(objCookie.Values("BackColor"))
Using Cookieless Sessions
Each active session is identified and tracked using
session IDs
Session IDs are communicated across client-server
requests using an HTTP cookie or included in the URL
Cookieless sessions
Session ID information is encoded into URLs
http://server/(h44a1e55c0breu552yrecobl)/page.aspx
Cannot use absolute URLs
Most browsers limit the URL size to 255 characters,
which limits use of cookieless Session IDs
Setting Up Cookieless Sessions
Session state is configured in the <SessionState>
section of Web.config
Set cookieless = true
<sessionState cookieless="true" />