Application of ASP Built-in object session

In addition to the objects used to send (Response), receive and process data (requeest), server access (servers) in an ASP object, there are some very useful markup active Object for the server application (application) and individual user information (session).

Session Object

This object accounts for a significant proportion of ASP usage. Because the Web page is a stateless program, the user browsing State is not known. In ASP, through the session object to record the user's private data variables, as users again to request the server to confirm, users in the program's Web page jumps between the existence of the session object variables will not disappear.

These are really important features, especially if a member's system has to be used. Like a member's login account, time, status, and many of the recorded real-time data (such as the shopping system records the user's basket of goods), this information belongs to the user's private needs, usually developers are using the session record processing.

The session in ASP is composed of cookies, the server will all the data recorded in the session, in the form of cookies to the user's browser. Usually the browser will save these cookies, every time the user click on the link, again with the server online, the browser will send these cookies back to the server for processing: this is the operating principle of the session. This allows session-state sessions to be preserved only in browsers that support cookies, and if the client turns off the cookie option, it won't work.

First, Session.SessionID

The SessionID property returns the user's session identity. When you create a session, the server generates a separate identity for each session, and the session identity is returned with the long shaping data type. In many cases SessionID can be used for WEB page registration statistics.

This property can be used to solve a problem of user control. The main function of the problem is that a module for a Web site, when a member is looking at this module after login, another person to log in with the same member name, you can not browse this module: that is, a member name can only one person browsing this module.

Control is achieved by using a member name (assumed to be userid, unique) and SessionID. When the member logs in, give this member a session record login status such as: Session ("Status") = "logged", at the same time the member's Session.SessionID written to the database. When he wants to browse this module, first determine whether it is logged in, if you have logged in again to determine whether its sessionid is the same as the database records, if different can not access.

In this way, when another user logs in with the same member name, the database records the new SessionID, which cannot be checked when accessing the module. This realizes a member name and can only browse a module by one person at a time. This feature has a special role in a number of toll sites, it prevents a member name for many people to browse the problem, for the company to protect the interests.

<%=Session.SessionId%>

is a single generated unique ID identification, which refreshes debugging.

Second, Session.Timeout

The maximum time interval for the session that is set by this property. The interval is the time that the client side requests from the most recent to the Web server to the next request to the Web server. It can be understood that if a user does not refresh or request a Web page within the time-out period, the session terminates. The Timeout property specifies the time-out period for the session object of the application in minutes, and generally defaults to 20 minutes. This in the Internet cafes and other public places, login personal information page and forget to close the window, it is more important (at least the time can be set short).

<%Session.TimeOut=10%>

The above SessionID, timeout belong to the two properties of the session object, see one method of the object abandon

Third, Session.Abandon

This method is the only method of the session object that clears the session object to eliminate the user's session object and frees up the resources it occupies. Of course, if you don't explicitly call the Abandon method, the server will also delete the objects and release resources once the session times out.
The following two-page program is used to understand the session object and the use of the Abandon method.

1,login.asp

<%
' is to extract whether the value of the variable loginout in the URL is true, and if true, execute Session.Abandon ().
If Request.QueryString ("loginout") = "true" Then
Session.Abandon ()
End If
' Only when you click on the Submit button, then to determine that the extract is not empty, then set up the session object.
Submitname=request.form ("Submit1")
If submitname= "Submit" Then
If Request.Form ("name") <> "" and Request.Form ("pwd") <> "" Then
Session ("name") =request.form ("name")
Session ("PW") =request.form ("pwd")
End If
End If
%>
<%
' If session (' name ') is not empty, the value of Session ("name") is displayed, and a link to info.asp is made.
If session ("name") <> "then
Response.Write ("Your Name value is:" &session ("name"))
Response.Write ("<br><a href= ' info.asp ' > Show your Information </a>")
Else
' Otherwise, that is, the session ("name") is null and does not exist, the form is displayed to enter the platform on which to establish the session.
%>
<form action= "Login.asp" method= "POST" >
Name: <input type= "text" name= "name" ><br>
Password: <input type= "password" name= "pwd" ><br>
<input type= "Submit" value= "Submit" Name= "Submit1" >
</form>
<!--also made a link to info.asp. -->
<a href= "info.asp" > Show your Information </a>
<%end if%>

Note that the session ("name") is empty and not empty, have done a link to the info.asp, the specific debugging results, and then look at the content of info.asp.

2,info.asp

<%
' Jump to Login.asp if the Session object value is null
If session ("name") = "" Then
Response.Redirect ("Login.asp")
' Otherwise display personal information
Else
Response.Write ("Your Name:" &session ("name") & "<br>")
Response.Write ("Your Password:" &session ("PW") & "<br>")
End If
%>
<a href= "Login.asp" > Return </a>
<a href= "Login.asp?loginout=true" > Exit </a>

It can be seen that the info.asp page content display is in fact need conditions. That is, you have to have a session value to exist so that you can display specific information. This is used more in the login system.

You can think of login.asp as a login window, of course my this relatively simple (as long as the input with the name and password on the production session), the actual situation is: To determine the input of the name and password and the database with the name and password, if the correct match to generate session. However, the role of info.asp page just can be done as a permission page, because the page needs to enter the session, and the emergence of the session is to ensure that the name of the correct password.

So when you start to appear in the form window, you dot login.asp link is not open, only when the table is submitted to a single session before entering. This is the essence of the login system, do you Know? ：）

Four, Session_OnStart

Session_OnStart A class of events that belong to the session object. It occurs when a new session is created by the server. The server processes the requested page before it is executed. The Session_OnStart event is the best time to set session variables, because they are set before any pages are accessed.

Each time a routine of an object triggers a Session_OnStart event, and then runs the process of Session_OnStart events. That is, when the server receives an HTTP request for a URL in the application, it triggers the event and establishes a Session object.

Of course, when it comes to the Session_OnStart incident, you can't stop talking about a file Global.asa (P.S: I'm going to put this file and the chat program together, so don't explain it too much now) specific usage first revealed, written in the Global.asa file internal

<script Runat=server language=vbscript>
.......
Sub Session_OnStart
.......
End Sub
.......
</SCRIPT>

Five, Session_OnEnd

A look also knows is the session object another kind of event. When the Session.Abandon method is invoked or not refreshed during the timeout time, this triggers the Session_OnEnd event and executes the script inside. The same specific usage is described in detail in the Global.asa file topic to be written later, the simple syntax is as follows:

<script Runat=server language=vbscript>
.......
Sub Session_OnEnd
.......
End Sub
.......
</SCRIPT>

Finally, I do not know if you have played such a program: very annoying, so that you can never shut down the program page.
Just do the program debugging, do not play tricks on others.

The following files are saved as bug.html

<body Onunload=javascript:window.open ("bug.html") >

Did you find the file closed? (Of course you want to close, change the source code)
So now the requirement is: Calculate the number of closures, if more than how many times you can shut down, then the following is used to the session

The following files are saved as bug.asp

<%if session ("num") < 2 then%>
<body Onunload=javascript:window.open ("bug.asp") >
<%session ("num") =session ("num") +1%>
<%else%>
<script>
Self.close ()
</script>
<%end if%>

Oh, when you close three times, the window will no longer eject. Understand it:)
The above is the system learning of the session object.