Web Status Management Analysis of ASP Application Design

Many developers have never considered the concept of status before passing applications to the Web. As mentioned earlier, Web is a stateless environment. Therefore, we should discuss what the status is and learn how to avoid problems.
Accurate status definition

When creating an executable application in a single user program, for example, you can use vbto create an .exe file, declare a global (or public) variable, and then access it anywhere in the code. The time value is always valid and accessible at all times when the application is running.

For a traditional Client/Server solution, such as a client-based application that accesses a server-based database engine, each client establishes a connection with the server and database application. This connection is usually established by verifying the user.

The authentication process is a typical process of identifying a user. A user name and password combination is used to verify whether the user is a legal user.

Once verification is passed, a connection is established between the client and the server-based application. The connection remains valid for all the time users use the application. This happens when a user registers for a Windows 2000 Server. Whenever the Administrator uses the "Active Directory users and computers" utility (click the "Directory management" item in the "Administrative Tools" option in the "Start" menu) you can see the active user connection. This process is the same in many systems, such as Microsoft SQL Server.

This permanent connection means that when a user sends a command or request to the server, the server can easily identify each user. The same server response or any other user information can also be directly returned to the user. It should be further pointed out that the server can easily store the values and information related to each customer and provide them to the corresponding customers as needed. Of course, server applications can have primary global variables for users to access as needed.

The ability to identify the requests of each client and save relevant user values in the memory constitutes a State. It can be considered that the State represents the value, environment, and internal variables of the application, and runs through the whole process of connecting the application and the user.

Status importance

If you want to create a web site-based application that interacts with the user, instead of displaying only the web site of the independent page, you must be able to provide an independent status for each user. This may only remember their names, or store object references or different record sets for each user. If you cannot do this, the ASP Web page cannot do more, because the variables and other related information on the page are damaged when the page is executed. When a user requests the next page, all information provided on this page will be lost.

Therefore, you need to find a way to save the status of each visitor. It is important to store global values for all users. For example, a web-style access or page Click counter does not provide each user with its own counter. users usually want to see the total number of visitors, not just the number of visits they have made. The number of visitors must be stored together with the application-level status, rather than with the user-level status.

This is not just a problem. Since commercial websites occupy the Web, they already exist, or even earlier. Therefore, there are many traditional solutions for storing the status on the web. The web site administrator wants to know if a visitor has visited their website before. How many times have they visited the website? Other websites are also regularly accessed. In this way, the advertising targets can be better set. All of these require one way to store the webpage requests or information about each access.

Create status on Web

The common method to provide status between page requests and site access is through cookies. We have seen in the previous sections how to store the corresponding values in the client's computer. These values are sent together with each page request to the valid domain for this cookie. By using ASP to check and update cookies, you can maintain a state to some extent. You can use the information contained to identify the user and connect the user to a set that has stored the corresponding value.

For example, you can check whether a user request contains a cookie specified by a site. If this parameter is not included, a user is assigned a certain type of identifier, indicating a quantity, and stored in a cookie with a long validity period. In the future, this user will be able to detect cookies and update the information contained in each access to this site. At the same time, you can collect data on the number of visits and duration, and store the data on the server for future use.

However, what happens if a user transfers a cookie to another computer, deletes the cookie, or their browser rejects the cookie sent to them? In this case, the status cannot be maintained, because the next time they are not recognized, there are many cookies on the web, most people will accept them, and ignore them. If you open the "warn before accepting cookies" option in the browser and then roam several large sites, you will understand the meaning.

1. Anonymous and authorized visitors

If you think cookie is a sloppy solution, you can use a more direct method. Many websites use one of the following methods: When a visitor clicks a site or clicks a page requesting authentication, A Login Dialog Box is displayed. Visitors must first register and obtain a combination of user names and passwords to allow access to the site or page.

To verify that a visitor is a known and legal user, a cookie is placed on the visitor's computer, or it stores the registered detailed data, or a key that indicates that the identity has been verified )". At the same time, the visitor's detailed data is permanently stored on the server and used for re-access. If the visitor's browser has such a cookie, he can freely access the website because it has been verified.

If the cookie does not have a validity period (expires), the cookie value automatically disappears when the browser is closed. During the next visit, the cookie must be re-registered and re-verified. Of course, if you refuse to receive or delete a cookie, you can only get the registration dialog box again. In this way, the website cannot be accessed if it is not identified.

By forcing users to register to a Web server just like registering to their own network, the overall security of Windows 2000 can provide a stronger and more secure authentication function for IIS. However, this can only work with browsers of Internet Explorer 3.0 and later versions. IIS can also use basic authentication to allow non-Microsoft browsers to register web servers.

2. No anonymous visitors

When using ASP on the IIS web server, users can be tracked in the current session unless the user leaves the site to another website or closes the browser. Later in this chapter, we will see how to use this function to identify a visitor, store the user's local information and provide status. The following describes how to work with a solution that has been discussed.
ASP and IIS jointly propose a user session concept to interact with each other through ASP session objects. When each visitor accesses an ASP Webpage on the server for the first time, a new and independent Session object is created for the visitor and assigned a session ID number to the session, and send a cookie containing the special encrypted version of the session identifier to the customer.

Set the Cookie Path (see the previous section on cookie attributes) to the root path of the ASP application running on the server. This is probably the default web site root directory ("/"), but it may also be another value (which will be seen later ). The expires value is not provided in the cookie. Therefore, when the browser is closed, the cookie value disappears.

Whenever this user accesses this ASP Webpage, ASP will search for this cookie. The name is aspsessionidxxxxxxxx. Each X is a letter. From the servervariables set shown in Figure 2-7 of Chapter 2nd, you can see it in the HTTP header.

However, this cookie does not appear in the request. Cookies or response. Cookies set. asp hides the cookie but stores it in the browser. For each ASP Webpage request, Asp must view this value. The cookie value indicates the user's session. Therefore, the corresponding session object (this object has been processed in the memory and always contains all the values for operations in the request process of the previous page) the content can be handed over to the script in the ASP Web page.

Of course, as mentioned above, if the client browser does not receive or support these cookies, the processing will fail. In this case, an ASP session cannot be created and the visitor's status is not automatically maintained.