Date post: | 31-Mar-2015 |
Upload: | morgan-cornfield |
Maintaining State Between the Client and Server
Internet Programming Using VBScript and JavaScript
9
Objectives
In this chapter you will:
Become familiar with the subroutines within the Global Application File
Create application variables using the application object
Create session variables using the session object
Write cookies using the response object
Read cookies using the request object
Become familiar with the kind of information that should be included in a privacy policy
What Is a Web Application?
A Web application is a group of files and folders (including virtual folders) located under the Web application’s root directory
With a Web application, you can create scripts that run when the Web application starts and stops
These scripts are stored within a Global Application File
You can run your Web application in its own memory space to prevent an error in one Web application from bringing down the rest of the Web applications on your server
This memory space is referred to as an isolated process, and is separate from the process that contains the IIS Web server
A Web application can have only one Global Application File
The Global Application File is a text file called global.asa, which must reside in the root directory of the Web application
The Global Application File contains only server-side script
It does not contain any HTML or client-side scripts
The four subroutines that are available in the Global Application File are:
• Application_OnStart
• Application_OnEnd
• Session_OnStart
• Session_OnEnd
The application and session objects are part of the ASP built-in object model
One of the biggest challenges in creating interactive Web pages is maintaining the state of the user
A privacy policy is often used to inform the user about the type of information that is being collected, and to inform the user what is being done with that information
The application object allows you to maintain application state
You can maintain information across the entire Web application with the application object
The session object is used to maintain session state
The session state maintains information across a single session
In order to use ASP to maintain state within an application, the client must support per-session cookies
A per-session cookie is used to allow the server to identify the client
The per-session cookie is temporary, and is deleted when the session ends
Accepting Per-Session Cookies in Internet Explorer
The Application Object
The application starts when the first user accesses a page with the .asp file extension
When the application starts, the Application_OnStart subroutine is executed
This subroutine can be used to initialize application variables
Application-level variables can keep track of information across multiple users within the same application
Application Variables
The application variables are stored within the application object’s contents collection as an array of name and value pairs
To create an application variable, identify the application object, the name of the variable inside a pair of quotation marks, the assignment operator (=), and the value
You can identify the variable as part of the application contents collection, but this is optional
Unlike the form collection and QueryString collection, the contents collection of the session object requires you to directly retrieve the values from all session variables
You can remove an application variable individually, or remove all of the variables within the contents collection
The remove method allows you to remove a single variable
Creating an Application Variable
Follow the steps listed on pages 322 and 323 of the textbook to create the Global Application File, define an application variable, and retrieve an application variable
Your data directory must be defined as a Web application for this activity to work
Refer to the procedures outlined on pages 323 and 324 of the textbook to create a Web site counter using application variables
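A Global Application File that keeps a site counter in an application variable, given here as an added example rather than the textbook's own listing. The variable names appHits, appStarted and sessStarted are assumptions made for illustration.

```asp
<script language="VBScript" runat="Server">
' global.asa - must reside in the root directory of the Web application.
' appHits, appStarted and sessStarted are names invented for this example.

Sub Application_OnStart
    ' Runs once, when the first .asp page of the application is requested.
    Application("appHits") = 0
    Application("appStarted") = Now
End Sub

Sub Session_OnStart
    ' Runs once for each new user session.
    ' Application variables are shared by every user, so lock the object
    ' while the counter is read and written back. Without the lock, two
    ' sessions starting at the same moment can overwrite each other's update.
    Application.Lock
    Application("appHits") = Application("appHits") + 1
    Application.Unlock

    ' Session variables belong to this one user only; no lock is needed.
    Session("sessStarted") = Now
End Sub

Sub Session_OnEnd
    ' Runs when the session times out or is abandoned.
    ' Nothing to clean up in this example.
End Sub

Sub Application_OnEnd
    ' Runs when the Web application stops.
End Sub
</script>
```

Any page in the application can then display the count with `<%= Application("appHits") %>`.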
The StaticObjects Collection
A component is executable code that is encapsulated within a dynamic-link library (.dll) or in an executable (.exe) file
After you install a component on the server or client, you can use the objects, properties, methods, and event handlers built within the component
The component must be installed and registered using the RegSvr32 utility on the Web server
Before you can use the properties and methods of these objects, you must instantiate the component
The ASP built-in server object has a method called CreateObject that allows you to instantiate an object on the server
When the CreateObject method creates the object, it will immediately begin to use system resources
An alternative to the CreateObject method is the StaticObjects collection
The StaticObjects collection contains objects added by means of the <object> tag
The application and session objects both contain a StaticObjects collection
Application and session objects can be easily misused
If you store many or large objects within the application or session objects, they will consume large amounts of the server’s memory resources, which will negatively affect performance on the server
Another common misuse occurs when you store database objects, such as the connection object, within a session object
The Session Object
A session begins when a user requests an ASP page from a Web application
This first ASP page request directs the Global Application File to start the Session_OnStart subroutine
Within the session object is a contents collection, which contains all of the session variables
Session-level variables track information across a single user’s session
The values stored in the session variables can vary from user to user
While application variables must be declared in the Global Application File, session variables can be created within any ASP page in the Web application
Session Variables
To create a session variable, identify the session object, the name of the session variable in quotation marks, the assignment operator (=), and the value
You can identify the variable as part of the contents collection, but this is optional
If the value of the session variable is numeric, do not use quotation marks
It is useful to add a prefix such as “sess” or “s” to the session variable to distinguish application- and session-level variables from local variables
Session variables, like application variables, are stored within a collection
You cannot retrieve the variables from all session variables directly, as you can from the form and QueryString collections
The session object contents collection, like the application object contents collection, is an array
Using Session Variables
Use the instructions shown on pages 328 to 330 of the textbook to define and retrieve session variables
You will create a form that will allow users to enter their name and select their membership status
Then, you will create a page that will retrieve the values and assign them to session variables by following the directions on pages 330 and 331 of the textbook
Using Session Variables to Store Data
The Timeout Property
The timeout property identifies the amount of time that a session is allowed to remain open while the user is inactive
This value is inherited by all user sessions, not just the active user session
Below is the syntax for retrieving the timeout property of the session object:
Session.Timeout
The timeout property only applies to the session object
The application object does not have a timeout property
The SessionID Property
A unique identifier called the SessionID identifies each session
The SessionID can be obtained via the SessionID property of the session object
This number is determined by several factors, such as the current date and the IP addresses of the client and server
You cannot change the value of the SessionID property, which uses a special session cookie to maintain the session information
A SessionID can be used to track a user across a single session, but not across multiple sessions
To track a user across multiple sessions, other information and techniques can be used in combination with the SessionID
Use the steps on pages 333 and 334 of the textbook to pass the SessionID using a form
Passing the SessionID in a Form Field
The Abandon Method
The session stops when the session timeout is reached, the user closes the browser, or the session is abandoned
Some browsers keep the session open, even if the user is visiting another Web site
You can force the session to be abandoned by calling the abandon method of the session object
The abandon method stops the session gracefully; its syntax is as follows
Session.Abandon
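The session features described above (session variables, the timeout property, a SessionID passed in a form field, and the abandon method) combined in one page, as an added example that is not from the textbook. The file name member.asp, the form field names and the session variable names are assumptions. The hidden field is checked against the server's own SessionID because anything sent back by the browser is user input.

```asp
<%@ Language="VBScript" %>
<%
' member.asp - constructed example; file, field and variable names
' are assumptions made for illustration.
Option Explicit
Dim postedId
Session.Timeout = 10   ' minutes the user may be inactive

If Request.QueryString("action") = "logout" Then
    ' End the session now instead of waiting for the timeout.
    Session.Abandon
    Response.Redirect "member.asp"
End If

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    ' The hidden field is returned by the browser and can be edited there,
    ' so accept the post only if it carries this session's own ID.
    postedId = Request.Form("sid")
    If postedId <> CStr(Session.SessionID) Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
    ' Limit the length of what is kept in server memory.
    Session("sessName") = Left(Trim(Request.Form("memberName")), 50)
    ' Store only one of the two expected values, never the raw input.
    If Request.Form("status") = "member" Then
        Session("sessStatus") = "member"
    Else
        Session("sessStatus") = "guest"
    End If
End If
%>
<html><body>
<% If Session("sessName") <> "" Then %>
  <p>Welcome, <%= Server.HTMLEncode(Session("sessName")) %>
     (<%= Session("sessStatus") %>).
     <a href="member.asp?action=logout">Log out</a></p>
<% Else %>
  <form method="post" action="member.asp">
    <input type="hidden" name="sid" value="<%= Session.SessionID %>">
    Name: <input type="text" name="memberName">
    <select name="status">
      <option value="member">Member</option>
      <option value="guest">Guest</option>
    </select>
    <input type="submit" value="Continue">
  </form>
<% End If %>
</body></html>
```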
CodePage and LCID Properties
For international Web sites, other useful session properties include the CodePage and LCID
These properties are used when developing Web sites that will be used outside of the U.S.
The CodePage identifies the type of characters, digits, and punctuation symbols that are specific to a location, which is referred to as the locale
The LCID is used to format the local settings for date, time, and currency
Cookies
Cookies are used to maintain information about an individual user across sessions
If you are using Netscape Navigator, all cookies are stored as a single text file named cookies.txt, which usually resides in the root directory of the Netscape application
All Web servers have the ability to write to this cookie file
The cookie file stores the name of the cookie, the value, and the name of the server that wrote the cookie
Writing a Cookie
ASP provides a simple method to write and read cookies
Cookies are written using the response object, and read using the request object
To create a cookie, you name the cookie and give it a value
Below is the syntax for writing a simple cookie using an absolute expiration date
<%Response.Cookies("myCookie") = "value"%>
<%Response.Cookies("myCookie").Expires = "MM DD, YYYY"%>
If you want the browser to delete the cookie, you can specify a date in the past, such as “Date - 1” or “July 4, 1776”
Below is the syntax for deleting a cookie using a relative date
<%Response.Cookies("myCookie") = "value"%>
<%Response.Cookies("myCookie").Expires = Date - n%>
The value assigned to the cookie can be hard-coded in the script, or soft coded
Hard-coded means that the value is written in the code and will not change unless the script is rewritten
You can create a cookie with multiple names and values
This type of cookie file is really a named group of cookies
To create the cookie, name the group of cookies with the same name, and then name the individual cookies along with their values
All cookies within the named group of cookies share the same expiration date
When you write a cookie that contains multiple cookies, you must write them all at the same time
Reading a Cookie
You can retrieve a cookie’s value, whether from a simple cookie or from a group of cookies, using the request object
To retrieve a simple cookie with one value, specify the name of the cookie
One of the benefits of using ASP rather than client-side scripting is that the request object parses out the cookie names and values for you
Below is the syntax for retrieving a simple cookie with one value
<%Request.Cookies("CookieName")%>
To retrieve the value of a single cookie from a group of cookies, you must identify the name of the cookie group as well as the name of the individual cookie
Below is the syntax for retrieving a single cookie from a group of cookies
<%Request.Cookies("GroupCookieName")("CookieName_n")%>
Creating Web Pages That Use Cookies
Cookies can be written and retrieved from the same Web page, or from different Web pages
Follow the procedures outlined on page 340 of the textbook to hard-code a single cookie using a variable
Cookies can also be soft-coded, and can obtain their values from users
Using the processes shown on pages 341 to 343 of the textbook, you will give the values of the cookies that will be displayed in the browser
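A page that writes form values to a named group of cookies, reads the group back and deletes it on request, given as an added example and not the textbook's listing. The cookie name prefs, its keys, the form field names and the 30-day lifetime are assumptions, and the Secure setting assumes the site is served over HTTPS.

```asp
<%@ Language="VBScript" %>
<%
' prefs.asp - constructed example; the cookie name "prefs", its keys
' and the form field names are assumptions made for illustration.
Option Explicit
Dim key

' Cookies travel in the HTTP headers, so write them before any HTML.
If Request.Form("forget") <> "" Then
    ' A date in the past tells the browser to delete the cookie.
    Response.Cookies("prefs") = ""
    Response.Cookies("prefs").Expires = Date - 1
ElseIf Request.Form("color") <> "" Then
    ' Soft-coded values taken from the user; write the whole group
    ' at the same time and cap the length of each value.
    Response.Cookies("prefs")("color") = Left(Request.Form("color"), 20)
    Response.Cookies("prefs")("font") = Left(Request.Form("font"), 20)
    ' One expiration date is shared by every cookie in the group.
    Response.Cookies("prefs").Expires = Date + 30
    ' Only return the cookie over an encrypted connection.
    Response.Cookies("prefs").Secure = True
End If
%>
<html><body>
<% If Request.Cookies("prefs").HasKeys Then %>
  <ul>
  <% ' Cookie text comes back from the browser and may have been
     ' edited there, so HTML-encode it before display.
     For Each key In Request.Cookies("prefs") %>
    <li><%= Server.HTMLEncode(key) %> =
        <%= Server.HTMLEncode(Request.Cookies("prefs")(key)) %></li>
  <% Next %>
  </ul>
<% End If %>
<form method="post" action="prefs.asp">
  Color: <input type="text" name="color">
  Font: <input type="text" name="font">
  <input type="submit" value="Save">
  <input type="submit" name="forget" value="Forget me">
</form>
</body></html>
```

The request object reflects the cookies the browser sent with the current request, so newly saved values appear in the list on the next page load.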
Writing the Values from a Form to a Cookie
Creating Pages Without Cookies
You can create applications that can maintain information without using cookies
One of the choices is to carry the information across pages using a hidden text field
This option would require you to use a form within each page of your Web application
Another method is to use a hard-coded hyperlink
When users log in, you would assign each a unique user identifier
You can create a hyperlink that uses this identifier to identify the user
All hyperlinks would need to be encoded with this identifier
If the user turns off cookies, only the first method can be used, because using ASP requires cookies
To avoid having to hard-code the identifier, you could use client-side scripting to retrieve the value from the form when the user enters a user ID
Whatever method is chosen, it is important to be able to maintain state for the duration of the user’s session
Privacy Policies
Today many users do not want to allow Web sites to keep information about them
Web sites that discuss privacy issues and privacy policies:
• TRUSTe (http://www.truste.org/)
• Electronic Frontier Foundation (http://www.eff.org/)
• Life Beyond Yahoo (http://www.lifebeyondyahoo.com/life/privacy.asp)
• Privacy.net (http://www.privacy.net/)
• CDT - Center for Democracy & Technology (http://www.cdt.org/)
Summary
A Web application is a group of files and folders configured by Web server software
The Global Application File is used to maintain information that is used across the Web application
The application object can be used to create application variables that will apply to all users
The application variable must be defined in the Global Application File
The session object can be used to create session variables that apply to a specific user and a specific session
The session object contains other useful properties, such as timeout
The SessionID property is assigned by the server, and provides a way to identify the client during the user session
A cookie can be used to maintain information across multiple sessions for a specific user