Advanced ASP programming (8): built-in object Session

In addition to the objects used for sending (Response), receiving and processing data (requeest), and Server access (Server), ASP objects also have some very useful Application tags) and the object of a single user information (Session.

Session Object
This object accounts for a considerable proportion of ASP usage. A web page is a stateless program and cannot be viewed by users. In ASP, Session objects are used to record the user's private data variables, so as to confirm the user's request for the server again. When the user redirects between the Web pages of the program, variables in the Session object will not disappear.

These are really important functions, especially those that must be used by member systems. Such as the member's login account, time, status, and real-time data of many such records (for example, the shopping system records the items in the user's shopping basket). Such information is required by individual users, generally, developers use Session record processing.

Sessions in ASP are composed of Cookies. The server transmits the data recorded in all sessions to the user's browser as Cookies. Generally, browsers store these Cookies. When users click the link and connect to the Server again, the browser will send these Cookies back to the Server for processing:This is the principle of Session operation.. It can be seen that Session state sessions are only retained in browsers that support cookies. If the client closes the cookie option Session, it will not be able to play a role.

I. Session. SessionID
The SessionID attribute returns the user's session ID. When a session is created, the server generates a separate identifier for each session. The session identifier is returned as a long integer data type. In many cases, SessionID can be used for WEB page registration statistics.

This attribute can solve one problem.User ControlProblem. The main function of this problem is to view a module of a website. When a member logs on to this module and another user logs on with the same member name, the module cannot be viewed: that is to say, a member name can only be viewed by one person at the same time.

The member name (assumed as UserID, unique) and SessionID are used for control. When a member logs on, a Session is sent to the member to record the logon Status, for example, Session ("Status") = "Logged", and the Session. SessionID of the member is written to the database. When he wants to browse this module, he first checks whether he is logged on. If he has logged on, he checks whether his SessionID is the same as that recorded in the database. If not, he cannot access it.

In this way, when another user logs on with the same member name, the database records the new SessionID. The former cannot pass the check when accessing this module. This enables a single member name to be viewed by only one person at the same time. This feature has a special effect on some paid websites. It prevents a member name from being browsed by multiple users and safeguards the company's interests.

<% = Session. SessionId %> Is a unique ID generated separately. You can refresh and debug it.

Ii. Session. TimeOut
The maximum interval of the Session set for this attribute. The interval refers to the time when the client puts forward a request to the Web server from the last time to the next time. It can be understood that if the user does not refresh or request a webpage within the timeout period, the session will be terminated. The Timeout attribute is measured in minutes and specifies the Timeout period for the Session object of the application. The default value is 20 minutes. This is important when you log on to the personal information page in public places such as Internet cafes and forget to close the window (at least you can set the time to be shorter ).

<% Session. TimeOut = 10%>

The preceding SessionId and TimeOut attributes belong to the Session object. The following describes a method of this object, Abandon.

Iii. Session. Abandon
This method is the only method for Session objects. It can be used to clear Session objects, eliminate user Session objects, and release their occupied resources. Of course, if you do not explicitly call the Abandon method, the server will delete these objects and release resources once the session times out.
Next we will use two page programs to understand the utilization of the Session object and the Abandon method.

1. login. asp

<% 'Indicates whether to extract the loginout value of the url variable to true. If it is true, Session. Abandon () is executed (). If Request. QueryString ("loginout") = "true" then Session. Abandon () End if 'The Session object is created only when the submit button is clicked and the extracted items are not empty. Submitname = request. form ("submit1 ") If submitname = "submit" then If Request. Form ("name") <> "" and Request. Form ("pwd") <> "then Session ("name") = Request. Form ("name ") Session ("pw") = Request. Form ("pwd ") End if End if %> <% 'If Session ("name") is not empty, the value of Session ("name") is displayed and a link to info. asp is established. If Session ("name") <> "then Response. write ("YOUR name value is:" & Session ("name ")) Response. write ("<br> <a href = 'info. asp '> show your materials </a> ") Else 'Otherwise, that is, if the Session ("name") is null and does not exist, a form is displayed to enter the platform for Session creation. %> <Form action = "login. asp" method = "post"> Name: <input type = "text" name = "name"> <br> Password: <input type = "password" name = "pwd"> <br> <Input type = "submit" value = "submit" name = "submit1"> </Form> <! -- A link to info. asp is also made. --> <A href = "info. asp"> show your materials </a> <% End if %>

Note that when Session ("name") is empty or not empty, a link is made to info. asp. For details about the debugging result, refer to info. asp.

2, info. asp

<% 'If the session object value is null, it will jump to login. asp. If session ("name") = "" then Response. Redirect ("login. asp ") 'Otherwise, the personal information is displayed. Else Response. Write ("Your name:" & session ("name") & "<br> ") Response. Write ("your password:" & session ("pw") & "<br> ") End if %> <A href = "login. asp"> return </a> <A href = "login. asp? Loginout = true "> exit </a>

It can be seen that the display of info. asp page content actually requires conditions. That is, a session value must exist to display the specific information. This is widely used in the login system.

You can set login. asp is considered a logon window. Of course, this is relatively simple (only the user name and password are used to generate the Session). The actual situation is: determine whether the entered username and password match the database username and password. If they are correct, the Session is generated. However, the role of the info. asp page can be just as a permission page, because the Session is required to enter this page, and the Session is generated to ensure that the name and password are correct.

Therefore, when a form window appears at the beginning, you cannot open the login. asp link. It can only be entered after the form is submitted to generate a Session. This is exactly the essence of the logon system. Do You Know? :)

Iv. Session_OnStart
Session_OnStart is a type of event of the Session object. It occurs when the server creates a new session. The server processes the script before executing the request page. Session_OnStart events are the best time to set session-period variables, because they are set before accessing any page.

The Session_OnStart event is triggered every time the object is started, and the processing process of the Session_Onstart event is run. That is to say, when the server receives an HTTP request from a URL in the application, this event is triggered and a Session object is created.

Of course, when talking about the Session_OnStart event, we can't help but talk about a file.Global. asa(P.S: I plan to put the file and the Chat program together, so I will not explain it too much now)
The specific usage is disclosed first, and written inside the Global. asa file.

<Script runat = Server Language = VBScript> ....... Sub Session_OnStart ....... End Sub ....... </SCRIPT>

5. Session_OnEnd
At first glance, we know that it is another type of event of the Session object. When the Session. Abandon method is called or is not refreshed within the TimeOut time, this triggers the Session_OnEnd event and then runs the script. The specific usage will be written laterGlobal. asa file topicThe simple syntax is as follows:

<Script runat = Server Language = VBScript> ....... Sub Session_OnEnd ....... End Sub ....... </SCRIPT>

Finally, I don't know if you have ever played such a program: A very annoying page that keeps you shut down.
Only program debugging is required.

Save the following file as bug.html

<Body onunload = javascript: window. open ("bug.html")> <br/>
[Ctrl + A select all for copy prompt: you can modify some code before clicking run]

Why can't I close this file? (Of course, You need to disable it and modify the source code)
Now, the requirement is: calculate the number of close times. If you can close the number of close times by yourself, the session will be used below

Save the following files as bug. asp

<% If session ("num") <2 then %> <Body onunload = javascript: window. open ("bug. asp")> <% Session ("num") = session ("num") + 1%> <% Else %> <Script> Self. close () </Script> <% End if %>

When you close the window three times, the window will no longer pop up. Understand it :)
The above is the system learning of the Session object.