160 likes | 259 Vues
Session 10 : Managing State. Overview. State Management Types of State Management Server-Side State Management Client-Side State Management The Global.asax File Application and Session Variables Initializing and Using Application and Session Variables
E N D
Overview • State Management • Types of State Management • Server-Side State Management • Client-Side State Management • The Global.asax File • Application and Session Variables • Initializing and Using Application and Session Variables • Application and Session Variable Duration • Cookies and Cookieless Sessions
What is State Management? Without State Management With State Management Login.aspx Login.aspx Please enter your logon information: Please enter your logon information: First Name First Name John John Last Name Last Name Chen Chen Web Server Submit Submit Web Server Greetings.aspx Greetings.aspx Hello Hello John Chen I forget who you are!!
Server-Side State Management • Application state is a global storage mechanism accessible from all pages in the Web application • Session state is limited to the current browser session • Values are preserved through the use of application and session variables • Scalability • ASP.NET session is identified by the SessionID string Web Server Client Computer Application and Session variables SessionID
Client-Side State Management • Uses cookies to maintain state • Persistent cookies • Temporary/ Non-persistent cookies • Less reliable than server-side state management options • User can delete cookies • Less secure than server-side state management options • Limited amount of information • Client-side restrictions on file sizes Web Server Client Computer Cookies
The Global.asax File • Only one Global.asax file per Web application • Stored in the virtual root of the Web application • Used to handle application and session events • The Global.asax file is optional
The Global.asax File (continued) Client Request Response ASP.NET Web Server IIS ASP.NET HTTP Runtime Application_BeginRequest Application_AuthenticateRequest Application_AuthorizeRequest Application_EndRequest Application_ResolveRequestCache Application_UpdateRequestCache Application_AquireRequestState Application_ReleaseRequestState Application_PreRequestHandlerExecute Application_PostRequestHandlerExecute Page execution
Initializing Application and Session Variables • Variables are initialized in Global.asax • The Application object shares information among all users of a Web application • The Session object stores information for a particular user session Sub Application_Start(s As Object,e As EventArgs) Application("NumberofVisitors") = 0 End Sub
Using Application and Session Variables • Set session and application variables • Read session and application variables Session("BackColor") = "blue" Application.Lock() Application("NumberOfVisitors") += 1 Application.UnLock() strBgColor = Session("BackColor") lblNbVisitor.Text = Application("NumberOfVisitors")
Application and Session Variable Duration • Session variables have a set duration after last access • Default is 20 minutes • Session duration can be changed in Web.config: • Application variables persist until the Application_End event is fired <configuration> <system.web> <sessionState timeout="10" /> </system.web> </configuration>
Creating and Reading Session Cookies • You can create and read session cookies by using the Cookies Property of the Response Object and Request Class. • Creating a Cookie • Reading a Cookie Dim objCookie As New HttpCookie(“myCookie”, “Hello!”) Response.Cookies.Add(objCookie) Response.Write(Request.Cookies(“myCookie”).Value)
Creating and Reading Persistent Cookies • A persistent cookie is similar to a session cookie except that a persistent cookie has a defined expiration date • The code below can be used to create a persistent cookie • Persistent cookies can be read in the same way as you would a session cookie Dim objCookie As New HttpCookie(“myCookie”, “Hello”) objCookie.Expires = #12/25/2007# Response.Cookies.Add(objCookie) To create a persistent cookie, specify the expiration time Response.Write(Request.Cookies(“myCookie”).Value)
Retrieving Information from a Cookie • Read the cookie • Retrieve values from the cookie Dim objCookie As HttpCookie = Request.Cookies("myCookie") lblTime.Text = objCookie.Values("Time") lblTime.ForeColor = System.Drawing.Color.FromName _ (objCookie.Values("ForeColor")) lblTime.BackColor = System.Drawing.Color.FromName _ (objCookie.Values("BackColor"))
Using Cookieless Sessions • Each active session is identified and tracked using session IDs • Session IDs are communicated across client-server requests using an HTTP cookie or included in the URL • Cookieless sessions • Session ID information is encoded into URLs • Cannot use absolute URLs • Most browsers limit the URL size to 255 characters, which limits use of cookieless Session IDs http://server/(h44a1e55c0breu552yrecobl)/page.aspx
Setting Up Cookieless Sessions • Session state is configured in the <SessionState> section of Web.config • Set cookieless = true <sessionState cookieless="true" />