Using Session Variables
Introduction.
Previously in this course we have discussed how typical web interactions,
working at the most common level, are stateless.
That is, the web server doesn't really maintain any information about any
particular client from one request to the next. We have also
described how it can be important to maintain different types of persistent
information for the web server. For example,
This list can go on and on. There are several ways to maintain persistent information about a client or group of clients for web interactions. The approach that we will develop in this web page relates to the Session object.

The Session Object.

The Session object has been developed to maintain information on a user-by-user basis so that it can be accessed through any ASP page on your web site. A Session object can store any kind of data type, from numbers to strings, arrays and even other objects. The Session object is used to maintain state only for the duration of the client's visit to the web site.

When each user comes to your site, memory on the web server is allocated to store the Session object for that user. The memory is released if the user doesn't visit your web site for a certain length of time. The time period is 10 minutes by default, but can be adjusted. Each variable stored in the Session object is referred to as a Session Variable.

Now we will use the Time( ) function to set a session variable and then observe how it persists. The following is the code for TimeOfDaySession.asp.

<%@ Language=VBScript %>

The meaning of the code will be discussed in class. When you go to the web page you should see something like the following.
But before you can click on the link you need to make
sure you have TimeOfDayCompare.asp, which contains the following code.
<%@ Language=VBScript %>

After uploading this ASP, waiting a little while, and clicking on the link, you should see a screen like the following.
Now you should wait a while longer and then refresh the
page.
Now you should close your browser and then open it back up and go directly to TimeOfDayCompare.asp. You are quite likely to get a blank for the Session Variable.

Improving the Login.asp.

Now we are going to work on improving the Login.asp to make use of session variables. What you should do is enter the URL for your Members.html and notice that you have no trouble going directly to the page and entirely circumventing the login procedure. How can this be improved? What if we define a session variable that is checked right at the beginning of the Members page?

You need to create a new ASP called MembersSecure.asp. We need the ASP extension in order to get it to process correctly. The code for this should be the following.

<%@ Language=VBScript %>

Notice the little If - Then snippet at the beginning that checks for the value of the session variable ValidUser. If it isn't correct then you are rerouted back to the LoginSecure.html form page. This will make sure that someone passes through the login procedure. The code for LoginSecure.html follows.

<HTML>

About the only real change is that the form information is posted to ValidationSecure.asp. The code for this should be the following.

<%@ Language=VBScript %>
Else
End If

Notice the only real modification of this is to include a statement within the part of the logic that handles correct logins. If someone correctly uses the password then the session variable is set: Session("ValidUser") = "TouchYou". Now if you end your session and then try to go directly back to MembersSecure.asp you will not be able to circumvent the LoginSecure.html page.

This entire login procedure can be upgraded for individual users by using a database table for username and password information.
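
The session gate described above, written out as an added example (it is not the course's own listing). It shows two files in one listing, so save each section under its own name. The form field name "Password", the EXPECTED_PASSWORD placeholder, and the cache headers are assumptions that do not appear on this page.

```asp
<%@ Language=VBScript %>
<%
' ===== File 1: ValidationSecure.asp =====
' Receives the POST from LoginSecure.html.
' Assumed: the form field is named "Password"; EXPECTED_PASSWORD is a
' placeholder standing in for the real check (the page suggests a
' database table of usernames and passwords for individual users).
Const EXPECTED_PASSWORD = "CHANGE-ME-PLACEHOLDER"

If Request.Form("Password") = EXPECTED_PASSWORD Then
    ' Mark this visitor's session as logged in (value used on the page).
    Session("ValidUser") = "TouchYou"
    Response.Redirect "MembersSecure.asp"
Else
    ' Clear any marker left over from an earlier login in this session.
    Session("ValidUser") = ""
    Response.Redirect "LoginSecure.html"
End If
%>

<!-- ===== File 2: MembersSecure.asp ===== -->
<%@ Language=VBScript %>
<%
' The check runs before any page content is sent to the browser.
Response.Buffer = True
' Ask the browser not to cache members content, so that the Back button
' after the session ends does not redisplay it (added assumption).
Response.Expires = -1
Response.CacheControl = "no-cache"

' An unset session variable is Empty, which never equals "TouchYou",
' so a direct request without a login falls into the redirect.
If Session("ValidUser") <> "TouchYou" Then
    Response.Redirect "LoginSecure.html"   ' stops processing this page
End If
%>
<HTML>
<BODY>
<H2>Members Area</H2>
<P>Only visitors who passed through ValidationSecure.asp reach this point.</P>
</BODY>
</HTML>
```

The gate only protects pages that run the check, so every members page needs the same If - Then block at the top; a plain Members.html left on the server is still reachable directly.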