Maintaining State Between the Client and Server Internet Programming Using VBScript and JavaScript 9

Objectives l In this chapter you will: l Become familiar with the subroutines within the Global Application File l Create application variables using the application object l Create session variables using the session object l Write cookies using the response object l Read cookies using the request object l Become familiar with the kind of information that should be included in a privacy policy 9

What Is a Web Application? l A Web application is a group of files and folders (including virtual folders) located under the Web application’s root directory l With a Web application, you can create scripts that run when the Web application starts and stops l These scripts are stored within a Global Application File l You can run your Web application in its own memory space to prevent an error in one Web application from bringing down the rest of the Web applications on your server 9

What Is a Web Application? l This memory space is referred to as an isolated process, and is separate from the process that contains the IIS Web server l A Web application can have only one Global Application File l The Global Application File is a text file called global.asa, which must reside in the root directory of the Web application l The Global Application File contains only server- side script 9

What Is a Web Application? 9 l It does not contain any HTML or client-side scripts l The four subroutines that are available in the Global Application File are: Application_OnStart Application_OnEnd Session_OnStart Session_OnEnd l The application and session objects are part of the ASP built-in object model

What Is a Web Application? l One of the biggest challenges in creating interactive Web pages is maintaining the state of the user l A privacy policy is often used to inform the user about the type of information that is being collected, and to inform the user what is being done with that information l The application object allows you to maintain application state l You can maintain information across the entire Web application with the application object 9

What Is a Web Application? l The session object is used to maintain session state l The session state maintains information across a single session l In order to use ASP to maintain state within an application, the client must support per-session cookies l A per-session cookie is used to allow the server to identify the client l The per-session cookie is temporary, and is deleted when the session ends 9

Accepting Per-Session Cookies in Internet Explorer 9

The Application Object 9 l The application starts when the first user accesses a page with the.asp file extension l When the application starts, the Application_OnStart subroutine is executed l This subroutine can be used to initialize application variables l Application-level variables can keep track of information across multiple users within the same application

Application Variables l The application variables are stored within the application object’s contents collection as an array of name and value pairs l To create an application variable, identify the application object, the name of the variable inside a pair of quotation marks, the assignment operator (=), and the value l You can identify the variable as part of the application contents collection, but this is optional 9

Application Variables l Unlike the form collection and QueryString collection, the contents collection of the session object requires you to directly retrieve the values from all session variables l You can remove an application variable individually, or remove all of the variables within the contents collection l The remove method allows you to remove a single variable 9

Creating an Application Variable l Follow the steps listed on pages 322 and 323 of the textbook to create the Global Application File, define an application variable, and retrieve an application variable l You data directory must be defined as a Web application for this activity to work l Refer to the procedures outlined on pages 323 and 324 of the textbook to create a Web site counter using application variables 9

The StaticObject Collection 9 l A component is an executable code that is encapsulated within a dynamic-link library (.dll) or in an executable (.exe) file l After you install a component on the server or client, you can use the objects, properties, methods, and event handlers built within the component l The component must be installed and registered using the RegSvr32 utility on the Web server l Before you can use the properties and methods of these objects, you must instantiate the component

The StaticObject Collection l The ASP built-in server object has a method called CreateObject that allows you to instantiate an object on the server l When the CreateObject method creates the object, it will immediately begin to use system resources l An alternative to the CreateObject method is the StaticObjects collection l The StaticObjects collection contains objects added by means of the tag 9

The StaticObject Collection l The application and session object both contain a StaticObjects collection l Application and session objects can be easily misused l If you store many or large objects within the application or session objects, they will consume large amounts of the server’s memory resources, which will negatively affect performance on the server l Another common misuse occurs when you store database objects, such as the connection object, within a session object 9

The Session Object l A session begins when a user requests an ASP page from a Web application l This first ASP page request directs the Global Application File to start the Session_OnStart subroutine l Within the session object is a contents collection, which contains all of the session variables 9

The Session Object 9 l Session-level variables track information across a single user’s session l The values stored in the session variables can vary from user to user l While application variables must be declared in the Global Application File, session variables can be created within any ASP page in the Web application

Session Variables l To create a session variable, identify the session object, the name of the session variable in quotation marks, the assignment operator (=), and the value l You can identify the variable as part of the contents collection, but this is optional l If the value of the session variable is numeric, do not use quotation marks l It is useful to add a prefix such as “sess” or “s” to the session variable to distinguish application- and session-level variables from local variables 9

Session Variables l Session variables, like application variables, are stored within a collection l You cannot retrieve the variables from all session variables directly, as you can from the form and QueryString collections l The session object contents collection, like the application object contents collection, is an array 9

Using Session Variables l Use the instructions shown on pages 328 to 330 of the textbook to define and retrieve session variables l You will create a form that will allow users to enter their name and select their membership status l Then, you will create a page that will retrieve the values and assign them to session variables by following the directions on pages 330 and 331 of the textbook 9

Using Session Variables to Store Data 9

The Timeout Property l The timeout property, identifies the amount of time that a session is allowed to remain open while the user is inactive l This value is inherited by all user sessions, not just the active user session l Below is the syntax for retrieving the timeout property of the session object: Session.Timeout l The timeout property only applies to the session object l The application object does not have a timeout property 9

The SessionID Property l A unique identifier called the SessionID identifies each session l The SessionID can be obtained via the SessionID property of the session object l This number is determined by several factors, such as the current date and the IP addresses of the client and server l You cannot change the value of the SessionID property, which uses a special session cookie to maintain the session information 9

The SessionID Property l A SessionID can be used to track a user across a single session, but not across multiple sessions l To track a user across multiple sessions, other information and techniques can be used in combination with the SessionID l Use the steps on pages 333 and 334 of textbook to pass the SessionID using a form 9

Passing the SessionID in a Form Field 9

The Abandon Method l The session stops when the session timeout is reached, the user closes the browser, or the session is abandoned l Some browsers keep the session open, even if the user is visiting another Web site l You can force the session to be abandoned by calling the abandon method of the session object l The abandon method stops the session gracefully; its syntax is as follows Session.Abandon 9

CodePage and LCID Properties l For international Web sites, other useful session properties include the CodePage and LCID l These properties are used when developing Web sites that will be used outside of the U.S. l The CodePage identifies the type of characters, digits, and punctuation symbols that are specific to a location, which is referred to as the locale l The LCID is used to format the local settings for date, time, and currency 9

Cookies l Cookies are used to maintain information about an individual user across sessions l If you are using Netscape Navigator, all cookies are stored as a single text file named cookies.text, which usually resides in the root directory of the Netscape application l All Web servers have the ability to write to this cookie file 9

Cookies 9 l The cookie file stores the name of the cookie, the value, and the name of the server that wrote the cookie

Writing a Cookie l ASP provides a simple method to write and read cookies l Cookies are written using the response objects, and read using the request object l To create a cookie, you name the cookie and give it a value l Below is the syntax for writing a simple cookie using an absolute expiration data 9

Writing a Cookie l If you want the browser to delete the cookie, you can specify a date in the past, such as “Date - 1” or “July 4, 1776” l Below is the syntax for deleting a cookie using a relative date l The value assigned to the cookie can be hard-coded in the script, or soft coded l Hard-coded means that the value is written in the code and will not change unless the script is rewritten 9

Writing a Cookie l You can create a cookie with multiple names and values l This type of cookie file is really named group of cookies l To create the cookie, name the group of cookies with the same name, and then name the individual cookies along with their values l All cookies within the named group of cookies share the same expiration date l When you write a cookie that contains multiple cookies, you must write them all at the same time 9

Reading a Cookie 9 l You can retrieve a cookie’s value—whether from a simple cookie or from a group of cookies— using the request object l To retrieve a simple cookie with one value, specify the name of the cookie l One of the benefits of using ASP rather than client-side scripting is that the request object parses out the cookie names and values for you

Reading a Cookie l Below is the syntax for retrieving a simple cookie with one value l To retrieve the value of a single cookie from a group of cookies, you must identify the name of the cookie group as well as the name of the individual cookie l Below is the syntax for retrieving a single cookie from a group of cookies 9

Creating Web Pages That Use Cookies l Cookies can be written and retrieved from the same Web page, or from different Web pages l Follow the procedures outlined on page 340 of the textbook to hard-code a single cookie using a variable l Cookies can also be soft-coded, and can obtain their values from users l Using the processes shown on pages 341 to 343 of the textbook, you will give the values of the cookies that will be displayed in the browser 9

Writing the Values from a Form to a Cookie 9

Creating Pages Without Cookies 9 l You can create applications that can maintain information without using cookies l One of the choices is to carry the information across pages using a hidden text field l This option would require you to use a form within each page of your Web application l Another method is to use a hard-coded hyperlink l When users log in, you would assign each a unique user identifier

Creating Pages Without Cookies l You can create a hyperlink that uses this identifier to identify the user l All hyperlinks would need to be encoded with this identifier l If the user turns off cookies, only the first method can be used, because using ASP requires cookies l To avoid having to hard-code the identifier, you could use client-side scripting to retrieve the value from the form when the user enters a user ID l Whatever method is chosen, it is important to be able to maintain state for the duration of the user’s session 9

Privacy Policies l Today many users do not want to allow Web sites to keep information about them l Web sites that discuss privacy issues and privacy policies TRUSTe ( Electronic Frontier Foundation ( Life Beyond Yahoo ( Privacy.net ( CDT - Center for Democracy &Technology ( 9

Summary l A Web application is a group of files and folders configured by Web server software l Global Application File is used to maintain information that is used across the Web application l The application object can be used to create application variables that will apply to all users l The application variable must be defined in the Global Application File 9

Summary 9 l The session object can be used to create session variables that apply to a specific user and a specific session l The session object contains other useful properties, such as timeout l The SessionID property is assigned by the server, and provides a way to identify the client during the user session l A cookie can be used to maintain information across multiple sessions for a specific user