ASP Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.11

ASP Sessions

Part:   1  2  3 

ASP Tutorials - Herong's Tutorial Notes © Dr. Herong Yang

hyBook - Guestbook Application

Using MS Access Databases

ActiveX Data Object (ADO)

Controlling Response Header Lines

Microsoft Scripting Runtime DLL

Using Cookies

ASP Sessions

ASP Objects

Microsoft Script Debugger

Internet Information Services (IIS)

... Table of Contents

This chapter describes:

  • How ASP server uses cookies to pass an ID with the browser to link multiple HTTP requests together.
  • How ASP server offers the session object to ASP pages to share information between multiple requests or pages.
  • Different ways to pass information between requests or pages.
  • How Perl tools can be used to help debug ASP applications at the HTTP communication level.

What Is a Session?

session: A concept to represent a series of HTTP requests and responses exchanged between a specific Web browser and a specific Web server, see the following diagram:

           Server                Browser
ID created  | <-- Request #1  --< |
            | >-- Response #1 --> | ID kept as cookie
            | <-- Request #2  --< | ID send back to server
            | >-- Response #2 --> |
            |     ......          |

The session concept is managed by the server. When the first request comes from a browser on a new host, the server makes the beginning a new session, and assigns a new session ID. The session ID will be then send to the browser as cookie. The browser will remember this ID, and send the ID back to the server in the subsequent requests. When the server receives a request with session ID in them, it knows this is a continuation of an existing session.

When the server receives a request from a browser on a new host (request without a session ID), the server not only creates a new session ID, it also creates a new session object associated with the session ID. See the next section for details.

If there is no subsequent request coming back for a long time for a particular session ID, that session will be timed out. After the session has been timed out, if the browser comes back again with the associated session ID, the server will give an invalid session error.

You will also get an invalid session error, if the browser send a request with a session ID associated with a session which has been terminated by a ASP page with session.Abandon() method.

The "session" Object

session: An object provided by the server to hold information and methods common to all ASP pages running under one session.

  • Contents: A collection object acting as a cache for different ASP pages to share information. Since "Contents" is the default collection, we write 'session.Contents("myVar")' as 'session("myVar")'.
  • Abandon(): A method to destroy the current session.
  • SessionID: A read only property to return the id of the current session.
  • TimeOut: A property to set timeout period on this session.
  • OnStart(): An event handler to be called when the first HTTP request comes from a new user.
  • OnEnd(): An event handler to be called the session is abandoned or timed out.

Passing Values between Pages

There are many ways to pass values from one pages to the next pages:

  • Putting values into session.Contents.
  • Putting values into application.Contents.
  • Putting values at the end of the redirect URL.

In the following example, I have two ASP pages working together as a registration process. Here is the fist ASP page, reg_form.asp:

<script language="vbscript" runat="server">
'  reg_form.asp
'  Copyright (c) 2002 by Dr. Herong Yang
'  This ASP page presents a registration form, and collects the input
'  data.
'
   response.write("<html><body>")
   submit = request.QueryString.Item("submit")
   if submit = "Submit" then
      ' Collecting the input data
      session.Contents("url") = request.QueryString("url")
      session("email") = request.QueryString("email")
      application("first_name") = request.QueryString("first_name")
      response.Redirect("reg_done.asp?last_name=" & _
         request.QueryString("last_name"))
   else
      ' Presenting the registration form 
      response.write("<b>Registration Form</b>:<br/>")
      response.write("<form action=reg_form.asp method=get>")
      response.write("Firt Name:")
      response.write("<input type=text size=16 name=first_name><br/>")
      response.write("Last Name:")
      response.write("<input type=text size=16 name=last_name><br/>")
      response.write("Email:")
      response.write("<input type=text size=32 name=email><br/>")
      response.write("URL:")
      response.write("<input type=text size=32 name=url><br/>")
      response.write("<input type=submit name=submit value=Submit></br>")
      response.write("</form>")
      response.write("Your session ID is " & session.SessionID & "<br/>")
   end if
   response.write("</body></html>")
</script>

(Continued on next part...)

Part:   1  2  3 

Dr. Herong Yang, updated in 2002
ASP Tutorials - Herong's Tutorial Notes - ASP Sessions