Overview:
The Session Object is how you track a single user across many pages. It has four (4) properties, two (2) collections, one (1) method, and two (2) events.
Get Started:
In this series of examples we will create a password system. We will use the Session Object to track whether or not a user is authorized to view certain pages. Below are several scripts for lesson12. Look at them, play with, and then read the explanations that come further down the page.
<%@LANGUAGE="JavaScript"%> <% //No ASP Here, just a regular HTML Page %> <HTML> To play along with our password page, put in a user name and a password.<BR> <BR>The correct user name is <I>guest</I>.<BR> And the correct password is also <I>guest</I>.<BR> <FORM METHOD="post" ACTION=""> User:<INPUT TYPE="text" SIZE="9" NAME="userName" VALUE="guest"><BR> Pass:<INPUT TYPE="password" SIZE="9" NAME="userPassword" VALUE="guest"> <BR> <INPUT TYPE="submit" value="Login"> </FORM> </HTML>
Click Here to run in a new window. Below is .
<%@LANGUAGE="JavaScript"%>
<%
var userName=new String(("userName"))
var userPassword=new String(("userPassword"))
if (userName=="guest" && userPassword=="guest")
{
Session("Authorized")=true
("")
}
else
{
Session("Authorized")=false
%>
<HTML>
You did not supply the correct Name & Password.<BR>
<A HREF="">Click here</A> to log in.
</HTML>
<%
} //end else statement
%>
We'll skip over entirely because it's almost exactly the same as . Down below is .
<%@LANGUAGE="JavaScript"%>
<%
if (Session("Authorized")!=true)
{
%>
<HTML>
You are not an authorized user.<BR>
<A HREF="">Click here</A> to log in.
</HTML>
<%
}
else
{
%>
<HTML>
The <B>second</B> of two pages that are password protected.<BR>
<A HREF="">Click Here</A> to log out.
</HTML>
<%
} //end of else statement
%>
Above is , which is the second of two password-protected pages. Below is , which is the logout page.
<%@LANGUAGE="JavaScript"%>
<%
if (Session("Authorized")!=true)
{
%>
<HTML>
You are not an authorized user.<BR>
<A HREF="">Click here</A> to log in.
</HTML>
<%
}
else
{
var SessionID=
()
%>
<HTML>
You have sucessfully logged out.<BR>
This was session <%=SessionID%>.<BR><BR>
Now try a link to one of the
pages you've already visited.<BR><BR>
<A HREF=""></A><BR>
<A HREF=""></A><BR>
<A HREF=""></A><BR>
</HTML>
<%
} //end of else statement
%>
A Quick Explanation:
After all that, the last thing you want to see is another grey box full of code. Sorry to do it one more time but, the keystone to this system is in . I've reprinted it down below.
if (userName=="guest" && userPassword=="guest")
{
Session("Authorized")=true
("")
}
Any page can now be turned into a password protected page with the following line:
Session Collections:
The two Session Collections are and . They parallel the and .
Using
The shortcut is what you saw in the scripts above.
has two methods of its own. They are
We did not demonstrate StaticObjects in the scripts above. It comes in the form of the <OBJECT> flag (set for Session scope).
No Sharing:
Remember how Application variables could be shared by all viewers on your ASP web site? That's not so with Session Variables. They are private; Session Variables are to be accessed only by one user.
( ):
My bet is you could figure out () without any explanation. However, let me just state for the record that () ends the user's session and releases the Session Variables from memory.
Session Properties:
Let's briefly discuss two properties you are not likely to use. lets you call for foreign character sets, like Chinese or Russian. is a location identifier. It determines the time zone and language for the server. Don't mess with it.
Now let's move on to something you might actually use from time to time. is a read-only property generated by the server, and assigned to one specific user during one specific session. The SessionID follows the user from the beginning of the session until the end.
is the number of minutes that a user can be idle before the Server ends the user's individual session and reclaims the memory that was allocated to Session Variables. ( is demonstrated in the in lesson 10.)
Session Events:
The two Session events are Session_OnStart() and Session_OnEnd(). These events are accessed in the . You can see an example of in lesson 10.