ASP applications and sessions

Chapter 3 ASP applications Program And sessions

In the previous sections, we introduced ASP's methods for accessing a customer request and generating responses. This chapter will discuss the other two ASP objects. Is the application and Session object. These two objects are not directly related to the management of requests and responses, but more related to the management of the ASP Webpage runtime environment.
One of the common problems related to creating a web site or a Web application is that HTTP is stateless. Status provides variable values, objects, and other resources related to a specified user, and can be used by any routine in the application; when you write a customer-based application in a programming language such as VB or C ++, you can use the status to complete relevant work. However, web does not provide this capability. In this chapter, you will see why and how to avoid this problem.
This chapter also involves some terms and technical issues. So far, this book has briefly discussed "Web applications", but does not really understand or accurately define what they are. This book also involves "user sessions" and does not have a complete description. The content is omitted intentionally because it is closely related to ASP applications and sessions. The following describes ASP application and session objects.
Main contents of this chapter:
? What are web applications and how they are associated with ASP application objects.
? ASP automatically creates and manages applications and sessions.
? Functions provided by application and session objects.
? How to put application and seesion objects into ASP Web pages.
First, we will study the core issue of the entire content: status.

3.1 web Status Management
Many developers have never considered the concept of status before passing applications to the Web. As mentioned earlier, Web is a stateless environment. Therefore, we should discuss what the status is and learn how to avoid problems.

3.1.1 precise status definition
When creating an executable application in a single user program, you can declare a global (or public) variable by using vbto create an .exe file, and then Code Can be accessed anywhere. The time value is always valid and accessible at all times when the application is running.
For a traditional Client/Server solution, such as a client-based application that accesses a server-based database engine, each client establishes a connection with the server and database application. This connection is usually established by verifying the user.
The authentication process is a typical process of identifying a user. A user name and password combination is used to verify whether the user is a legal user.
Once verification is passed, a connection is established between the client and the server-based application. The connection remains valid for all the time users use the application. This happens when a user registers for a Windows 2000 Server. Whenever the Administrator uses the "Active Directory users and computers" utility (click the "Directory management" item in the "Administrative Tools" option in the "Start" menu) you can see the active user connection. This process is the same in many systems, such as Microsoft SQL Server.
This permanent connection means that when a user sends a command or request to the server, the server can easily identify each user. The same server response or any other user information can also be directly returned to the user. It should be further pointed out that the server can easily store the values and information related to each customer and provide them to the corresponding customers as needed. Of course, server applications can have primary global variables for users to access as needed.
The ability to identify the requests of each client and save relevant user values in the memory constitutes a State. It can be considered that the State represents the value, environment, and internal variables of the application, and runs through the whole process of connecting the application and the user.

3.1.2 importance of status
If you want to create a web site-based application that interacts with the user, instead of displaying only the web site of the independent page, you must be able to provide an independent status for each user. This may only remember their names, or store object references or different record sets for each user. If you cannot do this, the ASP Web page cannot do more, because the variables and other related information on the page are damaged when the page is executed. When a user requests the next page, all information provided on this page will be lost.
Therefore, you need to find a way to save the status of each visitor. It is important to store global values for all users. For example, a web-style access or page Click counter does not provide each user with its own counter. users usually want to see the total number of visitors, not just the number of visits they have made. The number of visitors must be stored together with the application-level status, rather than with the user-level status.
This is not just a problem. Since commercial websites occupy the Web, they already exist, or even earlier. Therefore, there are many traditional solutions for storing the status on the web. The web site administrator wants to know if a visitor has visited their website before. How many times have they visited the website? Other websites are also regularly accessed. In this way, the advertising targets can be better set. All of these require one way to store the webpage requests or information about each access.

3.1.3 create a status on the Web
The common method to provide status between page requests and site access is through cookies. We have seen in the previous sections how to store the corresponding values in the client's computer. These values are sent together with each page request to the valid domain for this cookie. By using ASP to check and update cookies, you can maintain a state to some extent. You can use the information contained to identify the user and connect the user to a set that has stored the corresponding value.
For example, you can check whether a user request contains a cookie specified by a site. If this parameter is not included, a user is assigned a certain type of identifier, indicating a quantity, and stored in a cookie with a long validity period. In the future, this user will be able to detect cookies and update the information contained in each access to this site. At the same time, you can collect data on the number of visits and duration, and store the data on the server for future use.
However, what happens if a user transfers a cookie to another computer, deletes the cookie, or their browser rejects the cookie sent to them? In this case, the status cannot be maintained, because the next time they are not recognized, there are many cookies on the web, most people will accept them, and ignore them. If you open the "warn before accepting cookies" option in the browser and then roam several large sites, you will understand the meaning.
1. Anonymous and authorized visitors
If you think cookie is a sloppy solution, you can use a more direct method. Many websites use one of the following methods: When a visitor clicks a site or clicks a page requesting authentication, A Login Dialog Box is displayed. Visitors must first register and obtain a combination of user names and passwords to allow access to the site or page.
To verify that a visitor is a known and legal user, a cookie is placed on the visitor's computer, or it stores the registered detailed data, or a key that indicates that the identity has been verified )". At the same time, the visitor's detailed data is permanently stored on the server and used for re-access. If the visitor's browser has such a cookie, he can freely access the website because it has been verified.
If the cookie does not have a validity period (expires), the cookie value automatically disappears when the browser is closed. During the next visit, the cookie must be re-registered and re-verified. Of course, if you refuse to receive or delete a cookie, you can only get the registration dialog box again. In this way, the website cannot be accessed if it is not identified.
By forcing users to register to a Web server just like registering to their own network, the overall security of Windows 2000 can provide a stronger and more secure authentication function for IIS. However, this can only work with browsers of Internet Explorer 3.0 and later versions. IIS can also use basic authentication to allow non-Microsoft browsers to register web servers.
2. No anonymous visitors
When using ASP on the IIS web server, users can be tracked in the current session unless the user leaves the site to another website or closes the browser. Later in this chapter, we will see how to use this function to identify a visitor, store the user's local information and provide status. The following describes how to work with a solution that has been discussed.
ASP and IIS jointly propose a user session concept to interact with each other through ASP session objects. When each visitor accesses an ASP Webpage on the server for the first time, a new and independent Session object is created for the visitor and assigned a session ID number to the session, and send a cookie containing the special encrypted version of the session identifier to the customer.
Set the Cookie Path (see the previous section on cookie attributes) to the root path of the ASP application running on the server. This is probably the default web site root directory ("/"), but it may also be another value (which will be seen later ). The expires value is not provided in the cookie. Therefore, when the browser is closed, the cookie value disappears.
Whenever this user accesses this ASP Webpage, ASP will search for this cookie. The name is aspsessionidxxxxxxxx. Each X is a letter. From the servervariables set shown in Figure 2-7 of Chapter 2nd, you can see it in the HTTP header. ASP cookies are highlighted here, as shown in 3-1:

Figure 3-1 cookie value
However, this cookie does not appear in the request. Cookies or response. Cookies set. asp hides the cookie but stores it in the browser. For each ASP Webpage request, Asp must view this value. The cookie value indicates the user's session. Therefore, the corresponding session object (this object has been processed in the memory and always contains all the values for operations in the request process of the previous page) the content can be handed over to the script in the ASP Web page.
Of course, as mentioned above, if the client browser does not receive or support these cookies, the processing will fail. In this case, an ASP session cannot be created and the visitor's status is not automatically maintained.

3.2 web application definition
The Web application term has been used for many times in the previous chapter. It is neither a real web site nor a traditional application. In other words, it is regarded as a collection of web pages and other resources used to complete certain tasks. It implies that there is a predefined route throughout the web page, and users can make choices or provide information to complete the task.
For example, in an online store, you repeatedly observe and choose to purchase the goods, browse a series of web pages, collect the required information, pay the corresponding fees, and finally issue an order. It may also be a "Software Upgrade Wizard" that guides you through the process of downloading and installing new software, or may be an Intranet-based quote or sales report generation tool.
All these websites are different from "standard" Web sites. Generally, Web sites use a series of menus or navigation bars to roam the site in an undefined path. However, a Web application is far more than a controlled navigator. When you freely roam on a web site, you can perform stateless and anonymous access, but Web applications generally do not accept it.

3.2.1 ASP application definition
The above content can be considered as a reasonable general definition of the term "Web Applications", but unfortunately, it is not enough to talk about "ASP applications. The answer to what is "Web application" can be subjective, while the answer to what is "ASP application" requires a technical explanation. In ASP, the term "application" has its own specific meaning. It is important to understand this concept before discussing how to implement it.
ASP applications are related to two main contents:
? Global scope, with a globally accessible variable storage area.
? By integrating COM + with IIS, you can better manage components.
The following content is discussed. The second content involves other ASP objects, which have a wide range of coverage. This part will be discussed in detail in the next chapter when studying ASP Server objects.
1. Provide the global scope of Web Applications
ASP provides an application object, which is basically the same as the session object discussed earlier. However, this is at the application layer rather than the user layer. In other words, the object is global, not for individual users, but for all users of the application, its scope is not limited to access by individual users. This is the same as the global (or public) variable in a normal executable application. The application object can be used to store variables and information (that is, the State) in a global environment. All the scripts running on any ASP Web page in the application can access these values, no matter which visitor sends the request.
However, this does not answer the main question: what is an ASP application? To this end, we need to study some internal ASP situations.
When a user requests an ASP Webpage, IIS creates an environment by instantiating ASP. dll (used for ASP) (as described in Chapter 1st ). The page is interpreted as a server script, and the corresponding Script Engine instance is used to execute the script.
If an event is initiated at the beginning of the instantiated ASP. dll, an ASP application is started and an application object is created. Then, start a session for the user and create a separate session object. When more sessions are started, this application object is stored in the scope (that is, it has been instantiated and available ). Once the Active session ends, the application ends and the corresponding application object is canceled.
(1) default ASP Application
When installing IIS and ASP in Windows 2000, create a default web site. It is configured as an ASP application, which involves some settings for the site root directory folder (default: C: inetpubwwwroot) in the Properties dialog box. Figure 3-2 shows the screen of the Properties dialog box of the default web site.

Figure 3-2 default web site Properties dialog box
One of the files that involve ASP applications is global. Asa. This file is used to customize the method of application behavior. It is placed in the root directory of the application and can be used in all subdirectories under this directory. Therefore, if it is placed in the root directory of the entire web site, the entire website is defined as part of the default ASP application.
Later in this chapter, you will see this file and its usage in the application and session Events section.
(2) Asp virtual Application
Like creating a default application during the setting process, you can create your own ASP virtual application in any subdirectory of the web site. This application contains all subdirectories defined as the "application directory. This directory and subfolders are also part of the default application, sharing the global space created by the default application object.
In fact, all variables stored in the default application are also available in sub-directories. However, if an asp web page in the subdirectory application writes a value to the application object, and the application object has the same name as the existing value in the default (Root) application, therefore, the original values cannot be reused in sub-directory applications. However, the original value is retained in other applications or ASP Web pages, because the application in the root directory cannot access the value in the subdirectory application.
Consider this problem from the perspective of a subroutine or function variable. If you define a variable intmyvalue as public or global, you can access it from any subroutine or function. However, if another local variable with the same name is declared and referenced in the subroutine or function, the local value of the variable is obtained. You cannot access the original value. When the subroutine or function ends, the local value is revoked, and the original value of the global variable remains:
Public intmyvalue = 42
Function dosomething ()
Response. Write intmyvalue 'gives 42 from global variable
Dim intmyvalue
Intmyvalue = 17
Response. Write intmyvalue 'gives 17 from new local variable,
; 'The global value of myvalue is still 42
End Function
(3) create your own ASP virtual Application
To create a new virtual application, use an Internet Services Manager application or an HTML Web Manager webpage with the same functions. In Internet Services Manager, right-click the directory of the virtual application to be created, select new, and select virtual directory, as shown in Figure 3-3:

Figure 3-3 screen for creating an ASP virtual Application
This operation starts the new virtual directory wizard. the Start Screen of the wizard provides information about the wizard operations. Click Next and enter the name (or alias) of the new virtual application on the second page ). This name is associated with the path of the Directory selected in Internet Services Manager and will become the URL of the application. The screen is shown in 3-4:

Figure 3-4 new virtual directory wizard Screen
To convert an existing Directory to an application with the same name as the directory, select the directory containing the name you want to convert and use the directory name on the virtual directory alias page of the wizard. For example, to convert the existing test directory to a virtual application, you should select the default Web Site entry in Internet Services Manager and provide an alias "test ".
Click Next to specify the path of the content (PAGE) containing the application. Click browser to select an existing Directory. This directory is the directory pointed to by the new virtual application. The screen is 3-5:

Figure 3-5 screen when path is specified
Click Next to open the access permissions page and select permissions for all users of the application. The default values are read and run scripts, which is suitable for most users. The screen is 3-6:

Figure 3-6 screen with user permission setting
If you want to write a custom CGI application that can be directly executed by the user, just select "execute": for example, the user passes through a. EXE file that matches the name in the request's url, like "http://mysite.com/.../Test application/create_user.exe? User = jjones ".
Click Next to create a virtual application in the Wizard. On the screen shown in Figure 3-7, you can see an open small box icon with some padding in the list bar on the left.

Figure 3-7 screen after the virtual application is created
If you right-click the new application and select Properties, you can see the settings selected by the wizard. You can modify the access permissions, "local path", and "application settings" as needed ". A Remove button is displayed to delete the virtual application, as shown in Figure 3-8:

Figure 3-8 screen for setting virtual Application Properties