IT533 Lectures

1
Session Managementin ASP.NET

• IT533 Lectures

2
Session Tracking

• Personalization
• Personalization makes it possible for
  e-businesses to communicate effectively with
  their customers.
• Online shopping sites often store personal
  information for customers, tailoring
  notifications and special offers to their
  interests.
• Privacy
• A trade-off exists, however, between personalized
  e-business service and protection of privacy.
• Some consumers fear the possible adverse
  consequences if the info they provide to
  e-businesses is released or collected by tracking
  technologies.

3
Session Tracking

• Recognizing Clients
• To provide personalized services to consumers,
  e-businesses must be able to recognize clients
  when they request information from a site.
• HTTP is a stateless protocolit does not support
  persistent connections that would enable web
  servers to maintain state information between
  requests.
• Tracking individual clients, known as session
  tracking, can be achieved in a number of ways.
• Using cookies.
• Using ASP.NETs HttpSessionState object.
• Using hidden form elements.
• Embedding session-tracking information directly
  in URLs.

4
Session Tracking - Cookies

• Cookies are pieces of data stored in a small text
  file on the users computer.
• A cookie maintains information about the client
  during and between browser sessions.
• Every HTTP-based interaction between a client and
  a server includes a header containing information
  about the request or response.
• When a web server receives a request, the header
  includes any cookies that have been stored on the
  client machine by that server.
• When the server formulates its response, the
  header contains any cookies the server wants to
  store on the client computer.

5
Session Tracking - Cookies

• The expiration date of a cookie determines how
  long the cookie remains on the clients computer.
• If no expiration date is set, web browser
  maintains the cookie for the duration of the
  browsing session.
• Otherwise, the web browser maintains the cookie
  until the expiration date occurs.
• Cookies are deleted when they expire.
• Most browsers allow 20 cookies per server. 
• The size of a cookie is not more than 4096 bytes
  or 4 KB.

Portability Tip Users may disable cookies in
their web browsers to help ensure their privacy.
Such users will experience difficulty using web
applications that depend on cookies to maintain
state information.
6
Example using Cookies

• Create Options.aspx file with
• A Label "Select a programming language"
• 5 radio buttons with the values Visual Basic,
  Visual C, C, C, and Java.
• A Submit button
• A Hyperlink that navigates to "/Options.aspx
• A Hyperlink that navigates to "/Recommendations.a
  spx

7
Outline

• Writing Cookies in a Code-Behind File
• The code-behind file for Options.aspx.

Options.aspx.cs (1 of 3 )
For adding new entries, class Dictionary provides
method Add, which takes a key and a value as
arguments.
Figure. Code-behind file that writes a cookie
tothe client. (Part 1 of 3.)
8
Outline
Options.aspx.cs (2 of 3 )
For adding new entries, class Dictionary provides
method Add, which takes a key and a value as
arguments.
Fig. Code-behind file that writes a cookie
tothe client. (Part 2 of 3.)
9
Outline
Options.aspx.cs (3 of 3 )
Create an HttpCookie object, passing a name and a
value as arguments.
Add the HttpCookie to the Cookies collection sent
as part of the HTTP response header.
Fig. Code-behind file that writes a cookie
tothe client. (Part 3 of 3.)
10
Session Tracking

• This code writes a cookie to the client machine
  when the user selects a programming language.
• A Dictionary is a data structure that stores
  key/value pairs.
• For adding new entries, class Dictionary provides
  method Add, which takes a key and a value as
  arguments.
• The expression dictionaryName keyName returns
  the value corresponding to key keyName.
• Create an HttpCookie object, passing a name and a
  value as arguments.
• Add the HttpCookie to the Cookies collection sent
  as part of the HTTP response header.

11
Example using Cookies

• Create Recommendations.aspx file with
• Add a Label Recommendations
• Add a Listbox
• Add a Hyperlink that goes back to Options.aspx.

12
Outline
Code-Behind File That Creates Book
Recommendations From Cookies
Recommendations.aspx.cs (1 of 2 )
Retrieve the cookies from the client using the
Request objects Cookies property.
Fig. Reading cookies from a client to determine
book recommendations. (Part 1 of 2.)
13
Outline
Recommendations.aspx.cs (2 of 2 )
Use the Name and Value properties of an
HttpCookie to access its data.
Fig. Reading cookies from a client to
determine book recommendations. (Part 2 of 2.)
14
Session Tracking

• Retrieve the cookies from the client using the
  Request objects Cookies property.
• This returns an HttpCookieCollection containing
  cookies that were previously writtento the
  client.
• Cookies can be read by an application only if
  they were created in the domain in which the
  applicationis running.
• Use the Name and Value properties of an
  HttpCookie to access its data.

15
Session Tracking

• Some commonly used HttpCookie properties

Fig. HttpCookie properties. (Part 1 of 2.)
16
 Session Tracking
Fig. HttpCookie properties. (Part 2 of 2.)
17
Session

• What is a session?
• Context in which a user communicates with a
  server over multiple HTTP requests
• Within the scope of an ASP.NET Application
• HTTP is a stateless, sessionless protocol
• ASP.NET adds the concept of session
• Session identifier 120 bit ASCII string
• Session variables store data across multiple
  requests

18
Example for Session

• Lets modify the Cookies example to use Session
• Use HttpSessionState instead of Cookies

19
Outline
a)
b)
Options.aspx
c)
d)
20
Session Tracking

• We keep the EnableSessionState propertys default
  settingTrue.
• Every Web Form includes an HttpSessionState
  object, which is accessible through property
  Session of class Page.
• When the web page is requested, an
  HttpSessionState object is created and assigned
  to the Pages Session property.
• A distinct HttpSessionState resides on the
  server, whereas a cookie is stored on the users
  client.
• Like a cookie, an HttpSessionState object can
  store name/value pairs.
• The name/value pairs stored in a Session object
  are often referred to as session items.

21
Outline
Adding Session Items
Options.aspx.cs (1 of 3 )
Fig. Creates a session item for each
programming language selected by the user on the
ASPX page. (Part 1 of 3.)
22
Outline
Options.aspx.cs (2 of 3 )
Fig. Creates a session item for each
programming language selected by the user on the
ASPX page. (Part 2 of 3.)
23
Outline
Options.aspx.cs (3 of 3 )
Call Add to place a session item in the
HttpSessionState object.
Property SessionID contains the unique session
ID, which identifies each unique client.
Property Timeout specifies the amount of time
that an HttpSessionState object can be inactive
before it is discarded.
Fig. Creates a session item for each
programming language selected by the user on the
ASPX page. (Part 3 of 3.)
24
Session Tracking

• Call Add to place a session item in the
  HttpSessionState object.
• If you add an attribute that has the same name as
  an attribute previously stored in a session, the
  object associated with that attribute is
  replaced.
• Another common syntax for placing a session item
  inthe HttpSessionState object is
  Session name   value.

25
Session Tracking

• Property SessionID contains the unique session
  ID, which identifies each unique client.
• Property Timeout specifies the amount of time
  that an HttpSessionState object can be inactive
  before it is discarded.
• By default, a session times out after twenty
  minutes.

26
Session Identifier

• By default, session id is stored in a cookie
• Can optionally track session id in URL
• Requires no code changes to app
• All relative links continue to work

ltconfigurationgt ltsessionstate
cookielesstrue/gt lt/configurationgt
27
Session Tracking

• Some common HttpSessionState properties

28
Outline
Code-Behind File That Creates Book
Recommendations from a Session
Recommendations.aspx.cs (1 of 2 )
Use the Session objects Count property to
determine if the user has selected any languages.
The Keys property of class HttpSessionState
returns a collection containing all the keys in
the session.
Fig. Session data used to provide book
recommendationsto the user. (Part 1 of 2.)
29
Outline
Recommendations.aspx.cs (2 of 2 )
The value in a key/value pair is retrieved from
the Session object by indexing the Session object
with the key name.
Fig. Session data used to provide book
recommendationsto the user. (Part 2 of 2.)
30
Session Tracking

• The Keys property of class HttpSessionState
  returns a collection containing all the keys in
  the session.
• The value in a key/value pair is retrieved from
  the Session object by indexing the Session object
  with the key name.

31
Session Variables

• ASP stores session state in IIS process
• State is lost if IIS crashes
• Cant use session state across machines
• ASP.NET stores session state
• In another process ASP State NT service
• In SQL Server database

32
Session Variables

• Live objects are not stored in session state
• Instead, ASP.NET serializes objects out between
  requests
• ASP.NET approach provides
• Ability to recover from application crashes
• Ability to recover from IIS crash/restart
• Can partition an application across multiple
  processes (called a Web Garden)
• Can partition an application across multiple
  machines (called a Web Farm)