Write to UsWorking with Sessions
When a user logs into an ASP.NET web application, the server adds a unique Session ID into his browser. This session ID is usually stored in a cookie called _ASP.NET_SESSIONID. This cookie will be in the browser for as long as the user is in the website. Each user has a unique Session ID. If you want to retrieve it, you need to put Response.Write(Session.SessionID) somewhere in your ASP.NET script.
Session state can allow you to link information with a particular user. For example, if you write Session(MyName)="Michael" in an ASP.NET script, all you need to do for the name Michael to appear on the screen is typing Response.Write(Session(MyName), and you can do this on the same webpage, or in another webpage.
Through Session values, a user can use a form to enter his name, and then have his name appearing on another page. Suppose you have a page called sestu.aspx with this form:
Name:
<input type="textbox" name="MyName" /><br />
<input type="submit" value="Submit">
</form>
The form, of course, would be between the <body> tags. Once you run it, you will see nothing but a textbox on the screen that says “Name:”, and a submit button. Once you submit your name, you will be re-directed to sestu2.aspx, and inside the <body> tags of sestu2.aspx, you have the following script:
Dim Clad
Dim MyName as String
Clad = Request.Form("MyName")
Response.Write(“The name you typed is “ + Clad + “.”)
Session(MyName) = Clad
%>
If you tried to run the script as it is, you'd get an error. Why? Because Sessions only work when you import the System.Web.SessionState NameSpace into your page. Therefore, you need to put the following lines right on top of your page:
<%@ Page Language="VB" Debug="true" %>
<%@ Import Namespace="System.Web.SessionState" %>
The first line is the Page Directive. It tells the server that the script will be in Visual Basic, and the second line imports the required NameSpace. Now, if you type a name, let's say Ralph, in the sestu.aspx form and press Submit, you will see the words "The name you typed is Ralph" appearing on the page. So far we aren't doing anything that isn't basic ASP.NET. However you can see that the last line of the script is storing the value of Clad in a Session called MyName. Now create a page with the aspx extension, and put these lines inside the <body> tags:
<%
Dim MyName as String
Response.Write("The name inside MyName is: " + Session(MyName))
%>
By now you can guess what will appear on the screen. Notice that you didn't need to import any NameSpace for sestu3.aspx to work. That's because the NameSpace had already been invoked in sestu2.aspx. However, it'd be safer to import System.Web.SessionState to every webpage that may need it.
Session States are relative to the user. If a user in Germany enters the name Klaus in the sestu.aspx form, and a user in Mexico enters the name Raul, it's unlikely that Klaus will see the name Raul appearing on his screen or vice-versa.
How to End a Session
Sessions are uysually ended by the web-server, which can detect that a certain period of time has passed without the user being active. When this happens, the web-server removes everything related to the user. Normally a user can be inactive for twenty minutes before all sessions are deleted.
This period of time can be modified by typing this on your script:
Session.TimeOut = 5
Now a user can only be inactive for five minutes. If you inserted that line at the very start of the script in sestu2.aspx, you'd see that the name sestu3.aspx puts on the screen would disappear from the screen if you reloaded the page after five minutes of inactivity.
There's another way of modifying a session's Timeout, and it involves changing the Web.Config of your Application. Go to Internet Information Services. Right-click on Default Web Site, choose New and then choose Virtual Directory. The prompt will ask you for an alias. I chose ExpSes. Then I chose the dictory where my Sestu files were, and then I clicked on Next and Finish. Once you have a Virtual Directory set, go to http://localhost/Expses/sestu.aspx and see if everything is working the way it did before. If it does, congratulations, you have a Virtual Directory working.
Now you need to create a web.config file and store it in the same directory where your Sestu files are. Inside the web.config file, copy/paste this:
<system.web>
<sessionState timeout="5" />
</system.web>
</configuration>
Using the web.config file to change the timeout to five minutes is similar to adding copy/pasting Session.TimeOut = 5 in every page in your application with the aspx extension.
Cookieless Sessions
There are many tricks you can do with the web.config file. By now you should know that the Session ID is stored in a cookie called _ASP.NET_SESSIONID. Cookies may be delicious, but browser cookies are another story, specially if they fall in the hands of malicious hackers. That's why many people configure their browsers so that they won't accept cookies. Scripters who take this into consideration often use the web.config file to make sure Sessions won't use cookies.
<sessionState cookieless="true" timeout="20" />
As you can see, all you need is to add cookieless=”true” to the web.config file, and your Sessions won't rely on cookies. Easy to do, but the outcome can be tricky. That's because the server is no longer using cookies to store values. Now every piece of information is stored inside the URL itself. Notice that sestu2.aspx has a Url that looks like this:
http://localhost/Expses/(dvfledvp1sqrxq450aegg0fn)/sestu2.aspx
Notice that the Session ID is in the URL itself. Without cookies, if you are going to link one page to another, you have to use relative path URLs instead of normal URLs, like this <a href="sestu2.aspx">Second Page</a>. That's because writing the entire URL would make the server start a new SessionID value and the previous one would be lost.
Why would anyone want to disable Session State? Session State demands additional processing by the server. If cookieless is not enabled, anyone who visits your page will end up with a cookie which will sit on her browser and look pretty. Fortunately there are some tricks you can use to prevent all this. You can also put the following line at the start of your sestu2.aspx script:
<%@ Page Language="VB" Debug="true" EnableSessionState="false" %>
If you run the script, you'll get the following error message:
Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive
This is happening because EnableSessionState="false" disabled Session State for sestu2.aspx.
Disabling Session State
Using the web.config file, you can disable Session State for the entire application. You just need to put <sessionState mode="Off" /> between <system.web> and </system.web>. If you try to use sessions in any of the scripts that share the files-directory with web.config, the server will give you the same error you already saw.ASP.NET's Session State is far better than its ASP predecessor. It can be used to store critical date fast and reliably. It can be used with and without cookies, and it allows all clients to take advantage of it. Since the Session State values are stored by the client and not the server, an increase in clients won't affect the performance of the server.