ASP.NET Programming with C# and SQL Server First Edition

ASP.NET Programming with C# and SQL Server

First Edition

Chapter 9Maintaining State

Information

Objectives

In this chapter, you will:

• Save state information with query strings, hidden form fields, and post back

• Save state information with cookies

• Save state information with the Session state, Application state, and Profiles

ASP.NET Programming with C# and SQL Server, First Edition 2

Introduction

• The Web was not originally designed to store information about a user’s visit to a Web site

• Today, storing user information is an important capability for ease of use


Understanding State Information

• Hypertext Transfer protocol (HTTP) manages hypertext links for navigating Web pages

• State information: information about individual visits to a Web site

• HTTP was originally designed to be stateless, with no persistent data about a visit to a Web site– This design hampered interactivity and limited

personalization


Understanding State Information (cont’d.)

• State information allows a server to:– Customize Web pages based on user preferences– Temporarily store information for a user– Allow a user to create bookmarks for returning to

specific locations within a Web site– Provide shopping carts that store order information– Store user IDs and passwords– Use counters to keep track of how many times a

user has visited a site



• Sample application: Skyward Aviation Web site– Implements frequent flyer login functionality– Tracks information about the user’s entire visit– Stores user profile in a table named FrequentFlyers,

which is in a database named SkywardAviation

• Three basic tools for maintaining state:– Query strings– Hidden form fields– Post back and view state functionality of Web server

controls



Figure 9-1 Skyward Aviation Web site flow



Figure 9-2 Skyward Aviation home page


Figure 9-3 FrequentFlyers table fields


Query Strings

• Query strings are a quick way to pass data from one Web page to another

• Add a question mark (?) after a URL with the query string– Query string consists of name=value pairs,

separated by an ampersand (&)

• This is the same functionality that occurs when using a form with method=“get”

• Use the QueryString collection in the receiving page to access the query string

• The query string is visible to users and is not secureASP.NET Programming with C# and SQL Server, First Edition 10

Hidden Form Fields

• A hidden form field is not displayed on a Web browser– Can be used to temporarily store data

• Use <input type=“hidden”> to create a hidden form field– name and value are the only attributes available

• Post back maintains view state by assigning form values to a hidden form field named __VIEWSTATE

• Hidden form field values can be seen by opening a Web page’s source code in the browser


Saving State with Post Back

• Post back and view state functionality in ASP.NET makes state preservation easier and more robust

• MultiView control: used to hide and display areas of a page that are defined by a View control– Used to simulate a multipage form

• View control: acts as a container for text, markup, and other controls– Only one View control within a MultiView control can

be displayed at a given time– The data on the form fields is preserved during post

back operations


Saving State with Post Back (cont’d.)

• To move between views within a MultiView control, add a button to each View control– Set the CommandName attribute to control the view to

display

• CommandName attribute values:– NextView: displays the next View control– PrevView: displays the previous View control– SwitchViewByID: displays the View control with the

matching ID value in the CommandArgument attribute– SwitchViewByIndex: displays a View control based

on its index number



Figure 9-4 Pages of a multipage form

Saving State with Post Back (cont’d.)

• Use the Page_LoadComplete() event handler to display information that was gathered on preceding pages

• ActiveViewIndex: indicates which view is active– Value of -1 means no view is active



Figure 9-5 Final page of the frequent flyer enrollment form


Figure 9-6 Account Profile page

Simulating Multipage Forms with the Wizard Web Server Control

• Wizard Web server control: creates a multistep wizard-style interface for gathering user input– Used to hide and display areas of a page– Automate navigation

• Syntax: <asp:Wizard ID=“id” runat=“server”>

• <asp:WizardSteps> element: a container for <asp:WizardStep> elements that represent each step in the wizard

• Title attribute in each step is used to generate navigation links


Wizard Web Server Controls (cont’d.)


Table 9-1 Common Wizard control behavior attributes


Table 9-2 WizardStep control attributes



• You can use Wizard Tasks in Design view to create the Wizard control

• Styles section of a Wizard’s Properties page controls the appearance of a wizard– StepStyle: options for formatting an interim wizard

step

• Step box on Wizard Tasks menu allows you to change the currently displayed wizard step in Design view

• Use WizardStep Collection Editor to add/remove steps



Figure 9-7 Wizard Tasks menu



Figure 9-8 WizardStep Collection Editor


• Templates are available to control the appearance of portions of a Wizard control– Templates give you greater control over the design

and layout of a wizard

• Templates primarily determine the text and elements to place in a specific area of the wizard

• Style objects primarily determine the formatting of the text and elements

• Wizard control supports events related to the navigation buttons and the changing of active steps




Table 9-3 Wizard control templates



Table 9-4 Wizard control events



Figure 9-9 Steps in the Fitness Survey wizard


Figure 9-10 Contact information page

Saving State Information with Cookies

• Query strings and hidden form fields do not permanently maintain state information

• Cookies: small text file stored on a user’s computer, containing information about the user– Cookies are sent to the Web server and are used to

customize the Web page for the client– Cookies can be temporary or persistent

• Temporary cookies: remain available only for the current browser session

• Persistent cookies: remain available as a stored text file on the client computer


Creating Cookies• ASP.NET provides several ways to store cookies• Cookies[] collection of the Response object:

– A mechanism for storing cookies as name=value pairs– Syntax:

Response.Cookies[“cookieName].Value= “value”;

• HttpCookie class: used for creating a cookie– Syntax: HttpCookie cookieName = new

HttpCookie(“cookieName”);

– Use the Value property to assign a value

ASP.NET Programming with C# and SQL Server, First Edition30

Creating Cookies (cont’d.)

• HttpCookie class provides greater control– Lets you treat cookies as objects

• Can also store multiple name=value pairs, called subkeys, in a single cookie – Overcomes the limitation of 20 cookies per server or

domain on a client system

– Syntax for Cookies[] collection: Response.Cookies[“cookieName”][“subkeyName”] = “value”;

– Syntax for HttpCookie class: cookieObject.Values[“subkeyName”]=“subkeyValue”;


Setting Cookie Expiration Dates

• Use the Expires property of the cookie object to set how long it can remain on a client system– If omitted, the cookie is available only for the current

browser setting

• Assign a DateTime structure to the Expires property– Use the Now property and one of the Add()

methods such as AddDays() or AddMonths()


Configuring Cookie Availability to Other Web Pages on the Server

• Path property of a cookie object or Response.Cookies[] collection: specifies availability of a cookie to other Web pages on a server

• By default, a cookie is available to all Web pages in the same directory– With a path specified, it is available to all Web pages

in the specified path and in all subdirectories– Use a slash indicating the root directory to make it

available to all directories on a server

• Always place cookie programs in their own directoryASP.NET Programming with C# and SQL Server, First Edition 33

Sharing Cookies Across a Domain

• Use the Domain property of a cookie object and assign a domain to it to share the cookies across a domain– Cannot share cookies outside of a domain

• Use the Domain property of the Response.Cookies[] collection to share cookies across a domain


Securing Cookie Transmissions

• Secure Sockets Layer (SSL): used to encrypt data and transfer it across a secure Internet connection– URLs start with https instead of http

• Secure property of a cookie object: indicates that it can only be transmitted across a secure Internet connection


Reading Cookies

• When a browser requests a Web page, it sends any existing cookies for that Web site along with the request

• Cookies are available in the Request.Cookies[] collection

• Use the Value property to retrieve the value

• Always check if the cookie exists prior to attempting to read it– NullReferenceException will result from

trying to read a non-existent cookie


Modifying and Deleting Cookies

• You cannot directly modify the value assigned to a cookie or subkey

• You must overwrite the old cookie with a new cookie

• To delete a cookie, set its expiration to a date in the past– Can assign a value of yesterday by passing -1 to the AddDays() method

• To delete a subkey, call the Remove() method of the Values collection


Working with Session State, Application State, and Profiles

• State information can be managed in three ways:– Session state– Application state– Profile properties


Storing Session Information with Session State

• A Request object is instantiated when a client requests a URL and is destroyed when the URL is delivered to the client– You cannot use the same Request object with

different pages in an application

• Session state: stores specific client information that is available to all pages for the current ASP.NET session

• SessionStateItemCollection object: stores session data


Storing Session Information with Session State (cont’d.)

• You can access the SessionStateItemCollection object through the Session[] collection

• Use the <sessionState> element in the Web.config file to configure session state

• An ASP.NET session has a default life span of 20 minutes



Table 9-5 Common attributes of the <sessionState> element

Using Cookieless Sessions

• By default, ASP.NET stores a session ID in a cookie on the client’s browser

• If a browser does not accept cookies, ASP.NET uses cookieless sessions– Session ID is stored in a Web page’s URL

• Add the cookieless attribute to the <sessionState> element to configure a Web site to use cookieless sessions– Use the AutoDetect value to use cookies if the

browser accepts them or cookieless if the browser does not accept them


Storing Global Information with Application State

• Application state: preserves information that can be shared by all clients accessing an application

• Stored in an HttpApplicationState object – Accessed through the Application[] collection

• Application state starts when the first client requests one of the application’s pages, and then runs until the server shuts down or is restarted or until the application is restarted

• You can create your own application state variables in the Application[] collection


Storing Global Information with Application State (cont’d.)

• Use the Remove() and RemoveAll() methods of the HttpApplicationState.Contents property to remove application state variables

• Use the Lock() method of the HttpApplicationState class to prevent other clients from accessing properties of the HttpApplicationState object while it is being updated by a client– Use the UnLock() method to cancel the Lock()

method


Storing User Information in Profiles

• If an application shuts down or restarts, all data stored in the application state is lost

• Profiles: automatically store and retrieve strongly typed state information to and from a SQL Server database– ASP.NET handles accessing the information for you

• Profiles are much more powerful than other ASP.NET state preservation techniques


Storing User Information in Profiles (cont’d.)

• You must perform these steps to use profiles:– Use the aspnet_regsql.exe tool to configure the

aspnetdb SQL Server database used for storing profile information

– Configure the connection information to the SQL Server database

– Define profile properties using the <profile> element in the Web.config file

• Edit the machine.config file to set the connection information– Use the <connectionStrings> element


Storing User Information in Profiles (cont’d.)

• Add a provider name of AspNetSqlProfileProvider in the machine.config file to manage the storage of profile information

• To define profile properties, add <profile> elements to the <system.web> element in the Web.config file– Specify the type attribute to assign .NET class

types such as int32, System.Double, or System.String


Summary

• State information is information about individual visits to a Web site

• HTTP was originally designed to be stateless

• Pass data from one Web page to another using a query string with ?, followed by name=value pairs

• Hidden form fields temporarily store data to be sent to a server

• MultiView Web server controls hide and display areas of a page that are defined by a View control


Summary (cont’d.)

• Wizard Web server controls create multistep interfaces for gathering user input

• Cookies are small pieces of information about a user stored in text files on the user’s computer

• Temporary cookies remain available only for the current browser session, while persistent cookies are stored in text files on client computers

• Session state stores specific client information that is available to all pages in an ASP.NET application

• Cookieless sessions store the session ID in a Web page’s URL instead of in a cookie


Summary (cont’d.)

• Use application state to preserve information to be shared by all clients accessing an application

• Profiles automatically store and retrieve strongly typed state information to and from a SQL Server database


ASP.NET Programming with C# and SQL Server First Edition

Documents

Transcript of ASP.NET Programming with C# and SQL Server First Edition