When you develop an Active Server Pages (ASP) Web application, a common way to customize the content is to store information about the user. There are several ways to store information in an ASP environment. This article lists the most common ways to store state, including sample code and the pros and cons of each option.
MORE INFORMATION
Session and Application Variables
How do they work?
The Session and Application variables are stored on the server. A SessionID, which is generated at the start of an ASP session, is an in-memory cookie that is stored on the client to identify the Session variables. As a result, the client must have cookies enabled in the browser for Session and Application variables to work.Pros
- This method is easy to implement.
- You can store both simple variable types and objects (although storing objects is not recommended).
- The values that are stored in Session and Application variables are hidden from the user.
Cons
- This method requires clients to have cookies enabled in their Web browser.
- This method cannot reliably be shared between frames in a frameset or across multiple browser instances.
- This method stores information on the Web server. This decreases scalability in two ways: Session and Application variables use resources on the server, and they cannot be used on completely load balanced Web Farms.
Sample
Set the value of a Session variable:
<%
'Store information in a session variable.
Session("myInformation") = "somevalue"
%>
<%
'Retrieve the information stored in the session variable.
myValue = Session("myInformation")
%>
Cookies
How do they work?
There are two types of cookies: in-memory cookies, and cookies that are stored to the client's disk. An in-memory cookie is one or more name-value pairs that are stored in the browser's memory until the browser is closed. A cookie that is stored to disk is a file on the client's computer that contains name-value pairs.Cookies can be set and retrieved from both client-side and server-side code.
Pros
- This method is easy to implement.
- This method can be saved to disk for future use (disk-based cookie) by simply setting an expiration date on the cookie. This enables storage between browser sessions.
Cons
- The client can manually modify cookies that are stored to disk.
- This method requires clients to have cookies enabled in their Web browser.
- Cookies cannot store objects.
Sample
Store information in a cookie:
<%
'Set a cookie value.
Response.Cookies("myInformation") = "somevalue"
'Expire the cookie to save it to disk. If this is omitted, the cookie
'will be an in-memory cookie. In this case, the cookie is set to expire
'in twenty days.
Response.Cookies("myInformation").Expires = now() + 20
%>
<%
'Retrieve the information that is stored.
myValue = Request.Cookies("myInformation")
%>
Hidden Form Fields
How do they work?
Every page needs a form with hidden form fields that contain the state information. Instead of linking and redirecting to pages, the form is submitted when a user browses to a different page.Pros
- This method does not require cookies.
Cons
- It can be cumbersome to redirect and link to pages.
- This method cannot store objects.
Sample
Store information in hidden fields:
<HTML>
<HEAD>
<SCRIPT LANGUAGE=javascript>
//Function that is used to submit the links:
function browseToUrl(url){
form1.action=url;
form1.submit();
}
</SCRIPT>
</HEAD>
<BODY>
<%
dim myInformation
myInformation = "somevalue"
%>
<!-- This stores the value that is set above in the hidden form field. -->
<FORM id="form1" name="form1" action="" method="post">
<INPUT type="hidden" id="myInformation" name="myInformation" value="<%= myInformation%>">
<!-- Navigation sample that uses this technique. -->
<INPUT type="button" value="p3.asp" id=button1 name=button1 onclick='goToUrl("p3.asp");'>
</FORM>
</BODY>
</HTML>
<%
'Retrieving the information that is stored.
myValue = Request.Form("myInformation")
%>
QueryString
How does it work?
When you use the QueryString collection, the variables are stored in the URL as a name-value pair. For example:
http://servername/page.asp?var1=value1&var2=value2&var3=value3
Pros
- If the client bookmarks the page, the state will persist.
Cons
- The full URL can only be 2083 bytes.
- This method cannot store objects.
- The URL is very long and hard to read.
Sample
Store information in the QueryString:
<HTML>
<HEAD></HEAD>
<BODY>
<%
'Function that assembles the QueryString:
function AddToQueryString(qs, name, value)
if qs="" then
qs = name & "=" & value
else
qs = qs & "&" & name & "=" & value
end if
addToQueryString = qs
end function
dim querystring
'Store the first value.
querystring = AddToQueryString(querystring, "firstvar", "firstvalue")
'Store the second value.
querystring = AddToQueryString(querystring, "secondvar", "secondvalue")
%>
<a href="urlreceive.asp?<%=querystring%>">urlreceive.asp</a>
</BODY>
</HTML>
<%
'Retrieve the information stored.
myFirstValue = Request.QueryString("firstvar")
mySecondValue = Request.QueryString("secondvar")
%>
File and Database
How do they work?
You can implement this technique in many different ways. The following steps illustrate one way to implement the file and database storing of state:- Generate an ID when the user first logs on or browses to a page within your application.
- Use any of the techniques in this article to store the ID.
- To store the values in a file, use the ID as the file name. To store the values in a database, use a combination of the ID and the name-value pair to identify the record.
- Optionally store a timestamp with the name-value pair in the database. For files, you can use the timestamp from the last revision.
- Write a service to perform cleanup (delete records and files) at certain intervals (for example, every 20 minutes or every night, based on how many users access the site). The service can use the timestamp to determine whether a record has expired.
Pros
- The values are completely hidden from the user.
- If you use a file share or a database, this can be used to simulate session variables on a Web Farm.
- It does not require cookies.
Cons
- It stores data on the server side.
- It can be cumbersome to implement.
- This method can be slow because database and file access is required to store and retrieve the values.