Article
ASP Sessions and Applications
The Session Object
The Session object is very similar to the Application object, as it allows you to store values that are shared between all the pages of your site. The main difference between the two is that, where a single Application object is shared by all pages and all clients that access your site, each client (browser) is assigned its own Session object.
Thus, a Session object must be created for each user session that occurs on your Website. Here's an updated version of the hit counter example we saw in the previous section:
1 <% Option Explicit %>
2 <html>
3 <head>
4 <title> Simple counter </title>
5 </head>
6 <body>
7 <p>Your page requests: <%
8 Session("hits") = Session("hits") + 1
9 Response.Write(Session("hits"))
10 %></p>
11 <p>Total page requests: <%
12 Application.Lock
13 Application("hits") = Application("hits") + 1
14 Application.Unlock
15 Response.Write(Application("hits"))
16 %></p>
17 </body>
18 </html>
Save this page and open two copies of your Web browser. It's important that you actually launch your browser application twice - opening it once and then opening a new window will make the two windows part of the same session, whereas actually opening two separate copies of your browser will cause them each to be assigned separate Session objects on your server. Load the above page into both browsers, and refresh it a few times in each. Observe that the counter stored in the Session object only counts the hits from each browser, while the counter stored in the Application object stores the total page request count.
A typical use of the Session object is to store a user's shopping cart on an online shopping site. Obviously it doesn't make sense for all your users to share a single shopping cart, so the fact that each user gets a Session object of his or her own fits the bill precisely.
As for the Application object, Session("hits") is actually just shorthand for Session.Contents("hits"). Session.Contents.Remove("hits") can be used to delete a single stored value, while Session.Contents.RemoveAll will delete all values stored in the current session.
Every user that connects to your site is assigned his or her own Session object for the duration of his or her visit, so there must be some mechanism in place to prevent old Session objects from adding up and consuming all the memory on your server. By default, a Session object will expire and be deleted from your server if the client that corresponds to that session doesn't request a page from your server for 10 minutes. In most cases, this means that the user has closed the browser or has moved on to another Website. If your application has a typical 'time between page requests' of more than 10 minutes, this default timeout value will prevent your application from working properly. To specify your own session timeout interval, set the Timeout property of the Session object:
Session.Timeout = 30 ' The current session will end after
' 30 minutes of inactivity
You can also end the current session immediately, for instance, if you wanted to 'log out' the current user from your Web application:
Session.Abandon