Overview:
The session Object are how to track a single user across many pages. It has four (4) properties, two (2) collections, one (1) method, and two (2) events.
Get started:
In this series of examples we create a password system. We'll use the sessions Object to track whether or not a user's authorized to view certain pages. Below are several scripts for lesson12. Look in them, play with, and then read the explanations this come further down the page.
<% @LANGUAGE = "JavaScript"%>
<%
//no ASP here, just a regular HTML Page
%>
<HTML>
to play along with our Password page, put in a user name and a password.<br>
<br>the correct user nam E is <I>guest</I>.<BR> and the
correct password is also <I>guest</I>.<BR>
<form method= "POST" action= "script12a.asp" >
user:<input type= "text" size= "9" name= "UserName" value= " Guest "><BR>
pass:<input type=" password "size=" 9 "name=" UserPassword "value=" Guest ">
<br >
<input type= "Submit" value= "Login" >
</FORM>
</HTML>
Click here to run script12.asp in a new window. Below is script12a.asp.
<% @LANGUAGE = "JavaScript"%>
<%
var username=new String (Request.Form ("UserName"))
var Userpassword=new String (Request.Form ("UserPassword"))
if (username== "Guest" && userpassword== "Guest")
{session
(' Authorized ') =true
Response.Redirect ("script12b.asp")
}
else
{
session ("Authorized") =false
%>
<HTML> You
did not supply the correct Name & password.<br>< C14/><a href= "script12.asp" >click here</a> to log in.
</HTML>
<%
}//end Else statement
%>
We'll skip over script12b.asp entirely because it ' s almost exactly the same as script12c.asp. Down Below is script12c.asp.
<% @LANGUAGE = "JavaScript"%>
<%
if (Session ("Authorized")!=true)
{
%>
Above is script12c.asp, which is the second of two password-protected pages. Below is script12.asp, which is the logout page.
<% @LANGUAGE = "JavaScript"%>
<%
if (Session ("Authorized")!=true)
{
%>
A Quick Explanation:
After "All", the last thing your want to be another grey box full of code. Sorry to does it one more time but, the keystone to this system was in script12a.asp. I ' ve reprinted it down below.
if (username== "Guest" && userpassword== "Guest")
{session
("Authorized") =true
Response.Redirect ("script12b.asp")
}
Any page can now is turned into a password protected page with the following line:
if (Session ("Authorized")!=tru e)
. Session Variables are part of the session collections. Let ' s talk about them.
Session Collections:
The two session collections are session.contents and session.staticobjects. They parallel the application.contents and application.staticobjects.
Using
session.contents ("somevariable") = "somevalue"
we can set session Variables. These variables allow us to carry values from one page to the next. Since Contents is the default collection we can use a little shortcut. It goes like this: Session
("somevariable") = "somevalue"
.
The shortcut is what your saw in the scripts above.
Session.Contents has two methods of its own. They are
Session.Contents.Remove ("VariableName")
and
Session.Contents.RemoveAll ()
.
We did not demonstrate staticobjects in the scripts above. It comes in the form of the <OBJECT> flag (set for session scope).
No Sharing:
Remember How application variables could being shared by all viewers on your ASP Web site? That's not so and session Variables. They are private; Session Variables are to is accessed only by one user.
Session.Abandon ():
My bet is your could figure out Session.Abandon () without any explanation. However, let me just state for the record that Session.Abandon () ends the user's session and releases the session Variable s from memory.
Session Properties:
Let ' s briefly discuss two properties for you are not likely to use. Session.CodePage lets for foreign character sets, like Chinese or Russian. Session.LCID is a location identifier. It determines the time zone and language for the server. Don ' t mess with it.
Now let's move on to something your might actually use from time to time. Session.SessionID is a Read-only property generated by the server, and assigned to one specific user during one specific s Ession. The SessionID follows the user from the beginning's session until the end.
Session.Timeout is the number of minutes so a user can be idle before the Server ends the user's individual session and Reclaims the memory that is allocated to session Variables. (Session.Timeout is demonstrated in the Global.asa in Lesson 10.)
Session Events:
The two session events are Session_OnStart () and Session_OnEnd (). These events are accessed in the Global.asa. You can be example of Global.asa in Lesson 10.