Before we start this lesson let's see how does web or http protocol work. When you type an address in your bar and press "enter" key, browser creates a socket connection to the server and asks for a html file ( a web page in fact) server sends the file and closes the connection.
Browser parses the html code and connects to server and asks for each picture file needed for the page. Each picture file (gif or jpg normally) is received in a separate connection.
As you see there will be no way for the server to know someone from one connection to next one.
What is a session?
In complex applications we will want to recognize each user from the other when more than one user uses a specific application. For example we may want to remember the name of each person who is connected to server until he decides to leave. Something called a session will be used for this purpose.
A session starts when a user requests a page from the server for the first time and ends after user leaves.
In fact a session ends after a specific time since user's last request to web server. Default time for session time out is 20 minutes.
Session are used to store some information about the user on server.
Each user connected to a website will have a separate session and a unique session number.
For example support we want to chose some books from different pages of a bookshop website. We can use session variables (variables stored in a session) to hold choices. At the end we can calculate the invoice using the information saved in session.
As another examples you have seen modern websites that will remember you on a different pages on their site after you log in for the first time.
Your information such as your name is saved on your session. This information will be retrieved by next pages and your name is displayed on other pages with this method.
Storing info in sessions
Storing a variable in a session is very easy. We will use session objects to do this.
Executing above code for the first time will create a session variable and will assign tha value "John" to it.
Now regardless of the ASP page being executed on the server, we have access to session variable. We can retrieve stored with below code.
Now let's see an example. You may remember example 4-1 of previous lesson.
We have modified login example of previous lesson for our next example.
<form action="login.asp" method="post">
User Name: <input type="text" name="username"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Enter">
Dear <%=username%>, Welcome to Board<br>
Your password is <%=pass%>
<a href="clubs.asp">Click here to go to clubs</a>
Dear <%=username%>, Welcome to Clubs Again<br>
We have not modified login.html file but we have added below line to login.asp page.
This will create a session variable "user" and store username in this variable.
We have also added a link to another asp page. We have assumed this page to be start page of our clubs section.
In this page we have used below code to retrieve username that we stored in login.asp page.
Now that we have retrieved user name we can display it on other pagesusing below code.
Dear <%=username%>, welcome to clubs.
Session time out
As we told latter, default time out for a session is 20 minutes. This means that if a user does not request a new page in 20 minutes, all session information will be lost.
If you develop applications that you expect long idle times, you will need to modify default time out. For example you may want to write programs that need large amounts of information to be filled in forms before submitting and this may loose session information.
Modifying session information is very easy.
Above code will change time out to 45 minutes.
Terminating a session
As we saw latter you can save information about users in session variables. Sometimes you may want to end a session and remove more information using your code.
An example is a "logout" link on your application.
If you are using session information for logged in users, you may logout them by terminating their session and therefore removing their information from session variables.
Then you must test to see if user has valid session variables (ie username etc.) before doing something.
As an example a webmail system will not let a user to see mails or do anything if his session has timeout or terminated by clicking on logout link.
You can terminate a session by below code.
This lesson ends here. Until now we have learned some general ASP programming concepts. But there are more. ASP control structures, Applications, Cookies, Database, Mail ,... are among the subjects we will study in ASP web programming course.
We will stop here and you will have enough time to work on your own applications.
1- Write a small counter code that you can add it to your ASP pages, so that it can count each view of the page. Use a session variable this time. Why this type of counter cannot be used effectively?
Course Project 1:
Design a login page with three fields. First and second fields are user name and password. Third field will contain 5 radio buttons (in fact we will have 7 controls on our form).
User must be able to choose an Icon (a small bitmap that will stand next to each radio button) as his sign.
After pressing the login button user will go to another page. (by clicking on alink)
In this new page you must display both user name and the icon chosen by user.