INT422 Internet III Web Programming on Windows

1
INT422 Internet III Web Programming on
Windows

• State Management

2
Learning objectives

• State Management
• Learn about the concepts and classes that allow
  you to preserve data while users are running your
  ASP.NET web applications

3
Why state management

• ASP.NET web apps run on servers and serve clients
  using the HTTP communications protocol
• HTTP is stateless
• According to the HTTP protocol standard, the
  server follows a request reply processing
  model
• After receiving a request, the server processes
  the request, and sends the reply to the browser
• Then, it immediately discards all data associated
  with the request and reply

4
Why state management

• Interactive web apps require data to be preserved
  between postbacks
• Therefore, if this need cannot be met from within
  the HTTP protocol standard, the web server must
  provide facilities to meet this need
• The ASP.NET web app environment provides a rich
  set of options for preserving data, and well
  explore many of them on the following pages

5
Web forms page processing 101

• Important Understand the division of labor
  that happens during web form page processing
• Browser user requests a web forms page via URL
• Server sends this new page to the browser
• Browser presents the user with a form
• User interacts with the form, and posts it back
• Server processes the form, and returns it to the
  browser
• This is referred to as a round trip or
  postback

6
Round trips postbacks

• Some user actions (events more on this soon)
  result in a round trip / postback
• Command button clicks
• Other controls that have the Autopostback
  property set to True (by default, this value is
  set to False)
• Typical events that are supported
• Click (button)
• SelectedIndexChanged (dropdown list, listbox)
• CheckChanged (radio button, check box)
• TextChanged (textbox)

7
What ASP.NET does for you

• It automatically saves page and control
  properties between round trips / postbacks
• It provides you with the ability to save your own
  variable and object information between round
  trips / postbacks
• It can detect when a web form is being requested
  by a user for the first time during an
  interactive session ( Page.IsPostBack )

8
Concept revisited events

• Review / reminder
• ASP.NET is an object oriented programming
  environment for creating and executing web apps
• Web apps follow an event driven processing model
• New A web form is processed as follows
• page initialization, control values restored
• Page_Load runs user code in this code block
• Validation if present, validation is done
• Event handling executes the code block of the
  default event that caused the postback (e.g. a
  button click)
• Page is rendered, unloaded, resources freed up

9
OK

• back to preserving data

10
Where can data be preserved?

• In a client server environment, there are
  (obviously) two choices
• Client
• Server
• In your real-world web apps, data is often
  preserved in both places
• OK thats great but where exactly does this
  data get stored?

11
State management options

• CLIENT based options
• On the page
• View state property
• Hidden form fields
• Cookie
• Query string

• SERVER based options
• Session state object
• Application state object
• Advanced in a database (often used with a
  cookie)

12
CLIENT view state

• Built-in, automatic
• Current state of the page and controls is encoded
  into a string and saved as an HTML hidden field

13
CLIENT view state

• Values must be strings
• Therefore, if a conversion is needed, you must do
  it
• To create a new view state element
• ViewState"color "yellowViewStatepi
  3.14
• To retrieve from a view state element
• string s (string)ViewState"colordouble
  val (double)ViewStatepi

14
CLIENT view state tips

• View state is enabled by default
• If you arent going to use it, turn it off
• You can also disable view state for a control
• The property is EnableViewState
• Why would you do this?
• If a control contains lots of data, and the data
  source DOES NOT come from the view state
• We may see this soon as we discuss DataSet
  objects
• Incidentally you can disable view state for a
  page

15
CLIENT cookie

• A cookie is a small amount of data stored either
  in a text file or in browser memory
• Cookies
• Can be temporary or persistent
• Can store info about a client, a session, or an
  application
• Are sent by the browser to the server along with
  a request (or postback)

16
CLIENT query string

• A query string is data appended to a page URL
• Format reminder
• The page URL followed by
• ? A question mark followed by
• attributevalue one or more, separated by
• Used in GETs, not POSTs
• Implication use in Hyperlink web controls
• Data limited in length URL query string lt 255

17
SERVER session

• Very powerful yet easy-to-use method of
  persisting data between round trips / postbacks
• Session concepts
• HTTP is stateless a server does not know if a
  series/sequence of requests is coming from a
  specific client
• And therefore it does not know if the
  series/sequence of requests is related logically
  in any way
• Solution ASP.NET provides support for sessions

18
SERVER session

• To support sessions, the server has executable
  components and a storage area
• An important executable component is a State
  Server, which creates session identifiers, and
  manages the session lifetime and status
• The storage area is where data that needs to be
  persisted during the session is stored
• The storage area can be located
• In memory on the server the web app is running on
  (default)
• In memory on a separate state server network
  server/computer
• In a SQL Server database on a network
  computer/server

19
SERVER session

• When a browser client requests a URL for the
  first time, a session ID value is automatically
  created at the server
• SessionID is a 120-bit string
• Generated to guarantee uniqueness and randomness
• Sent to the client with the page using an HTTP
  cookie (usually) or a modified URL (depending on
  settings)
• Stays with round trips/postbacks

20
SERVER session

• Session items are binary streams
• More powerful than simple strings, because you
  can store objects in session state collection
  objects
• Therefore, you must manage type conversions in
  code

21
SERVER session example 1

• To create a new session item string
• string s "yellow
• Session"color s
• To retrieve from a session item string
• string s (string)Session"color if(s
  null)
• // color is not in session

22
SERVER session example 2

• To create a new session item object
• //Assume "Student" is a class/type
• Student s New Student()
• //More code here to set properties
• Session"thestudent s
• To retrieve from a session item object
• Student s New Student()
• s (Student)Session"thestudent

23
SERVER session QA

• When does a session start?
• A browsers first request to a URL in a web app
• How long does a session last?
• By default, set for 20 minutes from the most
  recent request / round trip / postback
• How does a session end?
• Method 1 timeout
• Method 2 user closes browser, or navigates away
  from the web app
• Method 3 use Session.Abandon method (or other
  methods from other classes)

24
SERVER session error handling

• Heres something to remember if a session times
  out, data stored in a session object will be
  discarded
• Unless you handle this situation, your web app
  will throw an exception so, trap it
• Try
• myVar Session"color.ToString()
• //Other code here...
• Catch
• Server.Transfer("login.aspx")
• // or Response.Redirect(login.aspx)

25
SERVER application

• An application-wide storage mechanism
• Data available to all users of this application
• Server-managed

26
CLIENT or SERVER advanced

• For your information and self-study only
• ASP.NET supports serialization of objects to a
  stream (e.g. XML)
• This can be yet another way of persisting data
• ASP.NET supports data caching
• In the Application object
• Good for expensive-to-create data

27
State management recommendations

• See the MSDN Library article for more detail
• Consider the following criteria
• How much information do you need to store?
• Does the client accept cookies?
• Do you want to store info on client or server?
• Is the information sensitive?
• What performance criteria are there?

28
State management client side

• Client side options features
• Client-side storage this option does not use
  any server resources (memory or storage)
• Minimal security
• Simple
• Good performance usually
• Not good for vast amounts of information to be
  persisted, because it round-trips
• Some users turn off browser cookies, so you
  cannot count on using some client-side options

29
State management server side

• Server side options features
• Easy to use in the ASP.NET environment
• Durability and reliability
• Scalability (across server farms etc.)
• Can work with browsers that have turned off
  cookies
• Theres a performance implication if you store
  vast amounts of data in session state on a server
  that has hundreds or thousands of other similar
  web apps guess what performance suffers
• Security is good

30
Encapsulating ViewState and Session

• To hide the ViewState use, and make it look like
  an attribute of a class you could do the
  following
• public int SelectedIndex
• get
• object obj ViewState"SelectedIndex"
• if(obj null)
• return -1
• else
• return (int)obj
• set
• ViewState"SelectedIndex" value
• Remember that the scope of this property (because
  of the ViewState) is the page.

31
Encapsulating ViewState and Session

• If you need to carry the value of the property
  from one page to another, you must use Session.
• public int SelectedIndex
• get
• object obj
• if(obj null)
• return -1
• else
• return (int)Session"SelectedIndex
• set
• Session"SelectedIndex value
• Remember that this property stays alive while the
  browser is open and is not inactive for more than
  20 minutes.

32
The uniqueness of Session variables

• Note that in that pervious example
  SelectedIndex will be shared between all
  instances of its owner, which means
• If Menu X, Y And X.SelectedIndex 20
• Then the value of Y.SelectedIndex will be 20
  too, since they both refer to the same
  SessionSelectedIndex. To fix this you can
  concatenate the programmatic identifier of the
  owner to the session name
• public int SelectedIndex
• get
• object obj
• if(obj null)
• return -1
• else
• return (int)Session"SelectedIndex
  this.ID
• set
• Session"SelectedIndex this.ID
  value