TAD's Quick ASP/Database tut 2
Session variables
Whenever a new visitor ('client') opens a webpage the server creates a new 'Session'. This is an object that can be used to store values and can be accessed by other pages on the same server. By default a Session lasts for about 20 minutes unless it is Abandoned or another page is requested by the client/visitor. Once the session has ended ALL data in the object is deleted forever!
The session object is an ideal method of storing short-term data such as a username, login flag or preferences while the client uses a website.
Session Login example
The following example consists of three ASP pages. The first one will be our login page and the second will be our 'protected' page that can ONLY be viewed if the user has logged using the password: 27 and ANY username you wish. And the third page is the 'signout' page which does the reverse of the login.
Page 1 - Session1.asp
<%@ Language=VBScript %>
<% Option Explicit %>
<%
If Request.QueryString("action")="login" Then
If Request.Form("password")="hugi" Then
Session("UserName") = Request.Form("username")
Session("login") = "yes"
End If
End If
%>
<html>
<head>
<title>Session 1 - login page</title>
</head>
<h1>Welcome to the login page</h1>
<% If Session("login")<>"yes" Then %>
<form name="form1" method="post" action="session1.asp?action=login">
username:<input name="username" type="text" id="username"><br>
password:<input name="password" type="text" id="password"><br>
<input type="submit" name="Submit" value="login">
</form>
<% Else %>
Hello there <%=Session("UserName")%>!<br>
<a href="session3.asp">click here</a> to sign out.
<% End If %>
<hr>or <a href="session2.asp">view protected page</a>
</html>
Page 2 - Session2.asp
<%@ Language=VBScript %>
<% Option Explicit %>
<%
If Session("login")<>"yes" Then
Response.Redirect "session1.asp"
End If
%>
<html>
<head>
<title>Session 2 - Protected page</title>
</head>
<h1>Welcome to the Protected page.</h1>
<a href="session3.asp">click here</a> to sign out<br>
or back to <a href="session1.asp">login</a> page.
</html>
Page 3 - Session3.asp
<%@ Language=VBScript %>
<% Option Explicit %>
<%
Session("UserName") = ""
Session("login") = ""
%>
<html>
<head>
<title>Session 3 - sign-out page</title>
</head>
<h1>You have sign-out. Thank you.</h1>
</html>
The 'protected' Session2.asp page simply compares the Session variable called "login" to see if it contains the string "yes", if not the server sends the visitor back to the 'login' (session1.asp) page using the Response.Redirect command.
The 'global.asa' file
This file is useful for placing session_OnStart and session_OnEnd functions. Like you would imagine these two event handlers are invoked when a visitor is given a new session or when he/she ends a session. One simple use of this would be to keep track of a 'visitor-count' (using a database or simple text-file on the server) and store this value in the Session object. Another use would be to record how many visitors are currently viewing the site.
I won't go into any more details about this file because there is plenty of information on the net (check out www.w3schools.com for some useful examples and reference material). You should try to keep the global.asa short and simple as possible.
Summary
As you can see the Session object is pretty easy to both understand and use in your ASP pages. Its ideal for short-term data storage, but for longer term you will need to use either a Database or a plain text-file.
Next we will look at setting up and using an Access Database...