Maintaining State Between the Client and Server

Internet Programming Using VBScript and JavaScript

9

Objectives

In this chapter you will:

Become familiar with the subroutines within the Global Application File

Create application variables using the application object

Create session variables using the session object

Write cookies using the response object

Read cookies using the request object

Become familiar with the kind of information that should be included in a privacy policy

9

What Is a Web Application?

A Web application is a group of files and folders (including virtual folders) located under the Web application’s root directory

With a Web application, you can create scripts that run when the Web application starts and stops

These scripts are stored within a Global Application File

You can run your Web application in its own memory space to prevent an error in one Web application from bringing down the rest of the Web applications on your server

9

What Is a Web Application?

This memory space is referred to as an isolated process, and is separate from the process that contains the IIS Web server

A Web application can have only one Global Application File

The Global Application File is a text file called global.asa, which must reside in the root directory of the Web application

The Global Application File contains only server-side script

9

What Is a Web Application? 9

It does not contain any HTML or client-side scripts

The four subroutines that are available in the Global Application File are:

• Application_OnStart

• Application_OnEnd

• Session_OnStart

• Session_OnEnd

The application and session objects are part of the ASP built-in object model

What Is a Web Application?

One of the biggest challenges in creating interactive Web pages is maintaining the state of the user

A privacy policy is often used to inform the user about the type of information that is being collected, and to inform the user what is being done with that information

The application object allows you to maintain application state

You can maintain information across the entire Web application with the application object

9

What Is a Web Application?

The session object is used to maintain session state

The session state maintains information across a single session

In order to use ASP to maintain state within an application, the client must support per-session cookies

A per-session cookie is used to allow the server to identify the client

The per-session cookie is temporary, and is deleted when the session ends

9

Accepting Per-Session Cookies in Internet Explorer

9

The Application Object 9

The application starts when the first user accesses a page with the .asp file extension

When the application starts, the Application_OnStart subroutine is executed

This subroutine can be used to initialize application variables

Application-level variables can keep track of information across multiple users within the same application

Application Variables

The application variables are stored within the application object’s contents collection as an array of name and value pairs

To create an application variable, identify the application object, the name of the variable inside a pair of quotation marks, the assignment operator (=), and the value

You can identify the variable as part of the application contents collection, but this is optional

9

Application Variables

Unlike the form collection and QueryString collection, the contents collection of the session object requires you to directly retrieve the values from all session variables

You can remove an application variable individually, or remove all of the variables within the contents collection

The remove method allows you to remove a single variable

9

Creating an Application Variable

Follow the steps listed on pages 322 and 323 of the textbook to create the Global Application File, define an application variable, and retrieve an application variable

You data directory must be defined as a Web application for this activity to work

Refer to the procedures outlined on pages 323 and 324 of the textbook to create a Web site counter using application variables

9

The StaticObject Collection 9

A component is an executable code that is encapsulated within a dynamic-link library (.dll) or in an executable (.exe) file

After you install a component on the server or client, you can use the objects, properties, methods, and event handlers built within the component

The component must be installed and registered using the RegSvr32 utility on the Web server

Before you can use the properties and methods of these objects, you must instantiate the component

The StaticObject Collection

The ASP built-in server object has a method called CreateObject that allows you to instantiate an object on the server

When the CreateObject method creates the object, it will immediately begin to use system resources

An alternative to the CreateObject method is the StaticObjects collection

The StaticObjects collection contains objects added by means of the <object> tag

9

The StaticObject Collection

The application and session object both contain a StaticObjects collection

Application and session objects can be easily misused

If you store many or large objects within the application or session objects, they will consume large amounts of the server’s memory resources, which will negatively affect performance on the server

Another common misuse occurs when you store database objects, such as the connection object, within a session object

9

The Session Object

A session begins when a user requests an ASP page from a Web application

This first ASP page request directs the Global Application File to start the Session_OnStart subroutine

Within the session object is a contents collection, which contains all of the session variables

9

The Session Object 9

Session-level variables track information across a single user’s session

The values stored in the session variables can vary from user to user

While application variables must be declared in the Global Application File, session variables can be created within any ASP page in the Web application

Session Variables

To create a session variable, identify the session object, the name of the session variable in quotation marks, the assignment operator (=), and the value

You can identify the variable as part of the contents collection, but this is optional

If the value of the session variable is numeric, do not use quotation marks

It is useful to add a prefix such as “sess” or “s” to the session variable to distinguish application- and session-level variables from local variables

9

Session Variables

Session variables, like application variables, are stored within a collection

You cannot retrieve the variables from all session variables directly, as you can from the form and QueryString collections

The session object contents collection, like the application object contents collection, is an array

9

Using Session Variables

Use the instructions shown on pages 328 to 330 of the textbook to define and retrieve session variables

You will create a form that will allow users to enter their name and select their membership status

Then, you will create a page that will retrieve the values and assign them to session variables by following the directions on pages 330 and 331 of the textbook

9

Using Session Variables to Store Data

9

The Timeout Property

The timeout property, identifies the amount of time that a session is allowed to remain open while the user is inactive

This value is inherited by all user sessions, not just the active user session

Below is the syntax for retrieving the timeout property of the session object:Session.Timeout

The timeout property only applies to the session object The application object does not have a timeout property

9

The SessionID Property

A unique identifier called the SessionID identifies each session

The SessionID can be obtained via the SessionID property of the session object

This number is determined by several factors, such as the current date and the IP addresses of the client and server

You cannot change the value of the SessionID property, which uses a special session cookie to maintain the session information

9

The SessionID Property

A SessionID can be used to track a user across a single session, but not across multiple sessions

To track a user across multiple sessions, other information and techniques can be used in combination with the SessionID

Use the steps on pages 333 and 334 of textbook to pass the SessionID using a form

9

Passing the SessionID in a Form Field

9

The Abandon Method

The session stops when the session timeout is reached, the user closes the browser, or the session is abandoned

Some browsers keep the session open, even if the user is visiting another Web site

You can force the session to be abandoned by calling the abandon method of the session object

The abandon method stops the session gracefully; its syntax is as follows

Session.Abandon

9

CodePage and LCID Properties

For international Web sites, other useful session properties include the CodePage and LCID

These properties are used when developing Web sites that will be used outside of the U.S.

The CodePage identifies the type of characters, digits, and punctuation symbols that are specific to a location, which is referred to as the locale

The LCID is used to format the local settings for date, time, and currency

9

Cookies

Cookies are used to maintain information about an individual user across sessions

If you are using Netscape Navigator, all cookies are stored as a single text file named cookies.text, which usually resides in the root directory of the Netscape application

All Web servers have the ability to write to this cookie file

9

Cookies 9

The cookie file stores the name of the cookie, the value, and the name of the server that wrote the cookie

Writing a Cookie

ASP provides a simple method to write and read cookies

Cookies are written using the response objects, and read using the request object

To create a cookie, you name the cookie and give it a value

Below is the syntax for writing a simple cookie using an absolute expiration data <%Response.Cookies(“myCookie”) = “value”%>

<%Response.Cookies(“myCookie”).Expires = “MM DD, YYYY”%>

9

Writing a Cookie

If you want the browser to delete the cookie, you can specify a date in the past, such as “Date - 1” or “July 4, 1776”

Below is the syntax for deleting a cookie using a relative date

<%Response.Cookies(“myCookie”) = “value”%>

<%Response.Cookies(“myCookie”).Expires = “Date - n”%>

The value assigned to the cookie can be hard-coded in the script, or soft coded

Hard-coded means that the value is written in the code and will not change unless the script is rewritten

9

Writing a Cookie

You can create a cookie with multiple names and values

This type of cookie file is really named group of cookies

To create the cookie, name the group of cookies with the same name, and then name the individual cookies along with their values

All cookies within the named group of cookies share the same expiration date

When you write a cookie that contains multiple cookies, you must write them all at the same time

9

Reading a Cookie 9

You can retrieve a cookie’s value—whether from a simple cookie or from a group of cookies— using the request object

To retrieve a simple cookie with one value, specify the name of the cookie

One of the benefits of using ASP rather than client-side scripting is that the request object parses out the cookie names and values for you

Reading a Cookie

Below is the syntax for retrieving a simple cookie with one value

<%Request.Cookies(“CookieName”)%>

To retrieve the value of a single cookie from a group of cookies, you must identify the name of the cookie group as well as the name of the individual cookie

Below is the syntax for retrieving a single cookie from a group of cookies

<%Request.Cookies(“GroupCookieName”)(“CookieName_n”)%>

9

Creating Web Pages That Use Cookies

Cookies can be written and retrieved from the same Web page, or from different Web pages

Follow the procedures outlined on page 340 of the textbook to hard-code a single cookie using a variable

Cookies can also be soft-coded, and can obtain their values from users

Using the processes shown on pages 341 to 343 of the textbook, you will give the values of the cookies that will be displayed in the browser

9

Writing the Values from a Form to a Cookie

9

Creating Pages Without Cookies 9

You can create applications that can maintain information without using cookies

One of the choices is to carry the information across pages using a hidden text field

This option would require you to use a form within each page of your Web application

Another method is to use a hard-coded hyperlink

When users log in, you would assign each a unique user identifier

Creating Pages Without Cookies

You can create a hyperlink that uses this identifier to identify the user

All hyperlinks would need to be encoded with this identifier

If the user turns off cookies, only the first method can be used, because using ASP requires cookies

To avoid having to hard-code the identifier, you could use client-side scripting to retrieve the value from the form when the user enters a user ID

Whatever method is chosen, it is important to be able to maintain state for the duration of the user’s session

9

Privacy Policies

Today many users do not want to allow Web sites to keep information about them

Web sites that discuss privacy issues and privacy policies• TRUSTe (http://www.truste.org/)

• Electronic Frontier Foundation (http://www.eff.org/)

• Life Beyond Yahoo (http://www.lifebeyondyahoo.com/life/privacy.asp)

• Privacy.net (http://www.privacy.net/)

• CDT - Center for Democracy &Technology (http://www.cdt.org/)

9

Summary

A Web application is a group of files and folders configured by Web server software

Global Application File is used to maintain information that is used across the Web application

The application object can be used to create application variables that will apply to all users

The application variable must be defined in the Global Application File

9

Summary 9

The session object can be used to create session variables that apply to a specific user and a specific session

The session object contains other useful properties, such as timeout

The SessionID property is assigned by the server, and provides a way to identify the client during the user session

A cookie can be used to maintain information across multiple sessions for a specific user