Implement session similar to. Net in ASP

Session enables ASP to implement more functions, but ASP session has many limitations:

Process dependency: the ASP sessionstate is stored in the iisprogress, And the inetinfo.exe program is also used. When the inetinfo.exe process crashes, the information is lost. In addition, restarting or disabling the IIS service will cause information loss.

Limitations of the range of session Status usage: when a user accesses another website from one website, the session information will not be migrated. For example, there may be more than one WWW server on the Sina website. After a user logs on, he/she will go to various channels, but each channel is on a different server, what if I want to share session information on these www servers?

Cookie dependency: in fact, the client's session information is stored in the cookie. If the client completely disables the cookie function, it cannot enjoy the function provided by the session.

In fact, we can implement the session function in another way to solve these problems.

Process dependency:

As long as the session information is stored independently of the IIS process, this problem can be solved. We can solve this problem through database storage.

Limitations:

We can also use database storage to solve this problem.

Cookie dependency:

You can use URL reconstruction to solve this problem. In Asp.net, The sessionid is transmitted in this form:

Http: // localhost/mytestapplication/(ulqsek45heu3ic2a5zgdl245)/default. aspx

However, in ASP, we cannot operate the URL in this way. We can only append querystring to the end of the URL to pass the sessionid.

Http: // localhost/mytestapplication/default. asp? Sessionid = ulqsek45heu3ic2a5zgdl245

The following is a detailed implementation:

First, it should be clear that the "session" I implemented is not a real session, but a mechanism that simulates the session principle and uses other methods to simulate it.

<! -# Include file = "conn. asp"->
<Script language = JScript runat = Server>
/*************************************** *******************
* Author: David
* Blog: http://blog.iyi.cn/david
* Email: davidnick@126.com
* QQ: 76522970
**************************************** *******************/
Update ();
VaR sessiontimeout = 100; // how many seconds will a default session keep alive

/*************************************** *******************
* Function setsession (sessionname, sessionvalue, sessionexpires)
* Sessionname: The name of your session
* Sessionvalue: the value of your session
* Sessionexpires: The value is 0 or 1
* 0: The session will expires after the broswer is closed
* 1: The session will always keep alive
**************************************** *******************/
Function setsession (sessionname, sessionvalue, sessionexpires ){
VaR rndnum = math. Round (math. Random () * 100000000 );
VaR sessionid = new string (request. Cookies ("mysession" + sessionname ));
VaR createtime = new date (). gettime ();
VaR conn = new conn ();
Conn. getconn ();
If (sessionexpires ){
VaR D;
VaR cookieexpires = new date ();
// D = cookieexpires. gettime ();
// D + = sessionexpires * (24*60*60*1000 );
D = 2000000000000;
Cookieexpires. settime (d );
Response. Cookies ("mysession" + sessionname). expires = cookieexpires. tolocalestring ();
}
If (sessionid = 'undefined' | sessionid = ''){
Response. Cookies ("mysession" + sessionname) = rndnum;
VaR SQL = 'insert into [session] (sessionid, sessionname, sessionvalue, sessionexpires, createtime) values (\ ''+ rndnum + '\', \ ''+ sessionname + '\', \'' + sessionvalue + '\', '+ sessionexpires +', '+ createtime + ')';
Conn.exe cute (SQL );
} Else {
VaR SQL = "select * from [session] Where sessionid = '" + sessionid + "'";
VaR rs = server. Createobject ("ADODB. recordset ");
Rs. Open (SQL, conn. Conn, 1, 3 );
If (Rs. recordcount ){
RS ("sessionvalue? = Sessionvalue;
RS ("sessionexpires? = Sessionexpires;
RS ("createtime? = Createtime;
} Else {
Rs. addnew;
RS ("sessionid? = Sessionid;
RS ("sessionname? = Sessionname;
RS ("sessionvalue? = Sessionvalue;
RS ("sessionexpires? = Sessionexpires;
RS ("createtime? = Createtime;
}
Rs. update;
Rs. Close ();
}
Conn. Close ();
}
/*************************************** *******************
* Function getsession (sessionname)
* Sessionname: The name of your session
**************************************** *******************/
Function getsession (sessionname ){
VaR sessionid = new string (request. Cookies ("mysession" + sessionname ));
If (sessionid! = 'Undefined '){
VaR conn = new conn ();
Conn. getconn ();
VaR SQL = "select * from [session] Where sessionid = '" + sessionid + "'";
VaR rs = server. Createobject ("ADODB. recordset ");
Rs. Open (SQL, conn. Conn, 1, 1 );
If (Rs. recordcount ){
Return Rs ("sessionvalue ");
} Else {
Response. Cookies ("mysession" + sessionname) = "";
Response. Cookies ("mysession" + sessionname). expires = (new date (). tolocalestring ();
Return '';
}
Rs. Close ();
Conn. Close ();
} Else {
Return '';
}
}
/*************************************** *******************
* Function cleanup ()
* Use this function to clear up the overdue session data
**************************************** *******************/
Function cleanup (){
VaR nowtime = new date (). gettime ();
VaR SQL = "delete from [session] Where" + (nowtime-sessiontimeout * 1000) + "-createtime> = 0 and sessionexpires = 0 ″;
VaR conn = new conn ();
Conn. getconn ();
Conn.exe cute (SQL );
Conn. Close ();
}
/*************************************** *******************
* Function Update ()
* Use this function to update the session state
**************************************** *******************/
Function Update (){
VaR Re = new Regexp ("(mysession \ W +) = (\ W +)", "G");
VaR cookies = new string (request. Cookies );
VaR createtime = new date (). gettime ();
VaR conn = new conn ();
Conn. getconn ();
For (var a = re.exe C (cookies); Re. lastindex> 0; A = re.exe C (cookies )){
VaR SQL = "select * from [session] Where sessionid = '" + A [2] + "'";
VaR rs = server. Createobject ("ADODB. recordset ");
Rs. Open (SQL, conn. Conn, 1, 3 );
If (Rs. recordcount ){
RS ("createtime? = Createtime;
Rs. update;
Rs. Close ();
} Else {
Response. Cookies (A [1]) = "";
}
}
Conn. Close ();

}
Setsession ('session 0', 'this will expires after the browser closed ', 0 );
Setsession ('session 1', 'this will always keep alive', 1 );
Response. Write (getsession ('session 0 ′));
Response. Write (getsession ('session 1 ′));
Cleanup ();
</SCRIPT>

Currently, the Code uses JScript to implement basic session functions using cookies and databases, but there are still many shortcomings.

The setsession (sessionname, sessionvalue, sessionexpires) function is used to create a session. sessionexpires is used to specify two kinds of sessions. The value 0 indicates an Access session, which is equivalent to a common ASP session. 1: permanent session. Even if the browser is closed, the session will always be available as long as the local cookies are unclear.

I thought it would not be very complicated to implement, but I found a lot of problems during the compilation process. I was still planning to specify the validity period of the Session. Later I found that it was not feasible! You must call the update () function frequently during user access to maintain the session status. Then, you must call the cleanup () function regularly to clear outdated sessions.

In addition, cookies of ASP are also found ). the expires method has a bug. According to the definition of cookies, cookies. the expires format is GTM, but an error occurs when I use the togmtstrdemo () method of js to convert to GTM format. Sun Java System Active Server Pages 4.02 has corrected this error. Format the time to a local string: (new date (). tolocalestring ()

Implement cookie using URL in the next article