Web-based Programming Lanjut Pertemuan 2 Matakuliah: M0492 / Web-based Programming Lanjut Tahun:...

Web-based Programming Lanjut Pertemuan 2

Matakuliah : M0492 / Web-based Programming Lanjut Tahun : 2007

Bina Nusantara

Application, Session and Cookies

• Application Object• Session Object• Cookies

Bina Nusantara

Managing State on the Web• What Exactly is State?

Each client makes a connection to the server and the database application. The connection is normally established by authenticating the user.

Authentication is typically a combination of identifying users through a user-name and then making them present a password to prove that they are a valid user.

Ability to identify each client’s request, and hold values in memory that are related to just that user, provides state.

Bina Nusantara

Managing State on the Web• Why State So Important?

To create Web-based application that interacts with users, it must be able to provide individual state for each user.

We need to find a way to persist state for each of our visitors.

If we can’t do that, we can’t reasonably expect to do anything that requires more than one ASP page, as the variables and other references in that page are all destroyed when page is finished executing

Bina Nusantara

Managing State on the Web• How we Create State on the Web

The usual ways of providing state between page requests and site visits is through cookies.

– Anonymous vs. Authenticated VisitorsThe most obvious method, implemented by many sites, is to pop up a login dialog.This authenticates you as a known and valid user, at which point a cookie can be place on your system to hold either the login details, or just a ‘key’ to indicate that you have been identified.

– No more Anonymous VisitorsA new Session object is created for the first access an ASP page on our server.A session identifier number is allocated to the session, and a cookie containing a specially encrypted version of the session identifier is sent to the client.Every time that this user access an ASP page, ASP looks for this cookie.

Bina Nusantara

ASP Application

• Associated with two main topics:– The provision of global scope, through a globally

accessible variable storage area– The integration with IIS through COM+, which allow us to

better manage components

• What can we store in an application ?– Simple variables, such as strings and numbers (stored as

Variants like all ASP script variables)– Variant-type arrays, made up of one or more dimensions– Variable references (again as Variants) that point to an

instance of a COM object

A Variant is the only variable type provided in the VBScript scripting engine for ASP (and Internet Explorer).

Bina Nusantara

ASP Sessions

• The ASP application object can be used to store state that is global.

• We can use the same name for each variable.

• The same code would work transparently for each visitor because it would access that visitor’s own private storage area.

Bina Nusantara

ASP Sessions• Problem with Sessions

– Some browsers and Web servers are case sensitive as far as URLs, paths and filenames are concerned. If a cookie has a path specified, and it is different to the path specified in a hyperlink in term of case, the browser may not return it to the server along with a page requested from that directory.

– In previous version of IIS and ASP, there were some minor bug-associated problems with nested applications. These have been fixed in ASP 3.0

– Session depend on cookies. Visitors that have cookies disabled, or whose browser doesn’t support them, won’t get a session started and so will not have access to a Session object.

Bina Nusantara

The ASP Application Object

• Application Object’s Collections

Collection Name Description

Contents A collection of the variables (and their values) that are stored in the Application object, and are not defined using an <OBJECT> element. This includes Variant arrays and Variant-type object instance references.

StaticObjects A collection of the variables that are stored in the Application object by using an <OBJECT> element.

Bina Nusantara


• Application Object’s Methods

Method Description

Contents.Remove (“variable_name”) Removes a named variable from the Application.Contents collection.

Contents.Removeall ( ) Removes all variables from the Application.Contents collection.

Lock ( ) Locks the Application object so that only the current ASP pages has access to the contents. Used to ensure that concurrency issues do not corrupt the contents by allowing two users to simultaneously read and update the values.

Unlock ( ) Releases this ASP page’s lock on the Application object.

Bina Nusantara


• Application Object’s Events

Event Description

onStart Occurs when the ASP application starts, before the page that the user requests is executed and before any user Session objects are created. Used to initialize variables, create objects, or run other code.

onEnd Occurs when the ASP application ends. This is after the last user session has ended, and after any code in the onEnd event for that session has executed. All variables existing in the application are destroyed when it ends.

Bina Nusantara

The ASP Session Object

• Session Object’s Collections

Collection Name Description

Contents A collection of the variables and their values that are stored in this particular Session object, and are not defined using an <OBJECT> element. This includes Variant arrays and Variant-type object instance references.

StaticObjects A collection of the variables that are stored in this particular Session object by using an <OBJECT> element.

Bina Nusantara

The ASP Session Object• Session Object’s Properties

Properties Description

CodePage Read/write. Integer. Defines the code page that will be used to display the page content in the browser. The code page is the numeric value of the character set, and different languages and locales may use different code pages. For example, ANSI code page is 1252 is used for American English and most European languages. Code page 932 is used for Japanese Kanji.

LCID Read/write. Integer. Defines the locale identifier (LCID) of the page that is sent to the browser. The LCID is a standard international abbreviation that uniquely identifies the locale; for instance 2057 defines a locale where the currency symbol used id ‘₤ ‘. This LCID can also be used in statements such as FormatCurrency, where there is an optional LCID argument. The LCID for a page can also be set in the opening <%@..%> ASP processing directive and overrides the setting in the LCID property of the session.

Bina Nusantara


• Session Object’s Properties

Properties Description

SessionID Read/write. Long. Returns the session identifier for this session, which is generated by the server when the session is created. Uniquely only for the duration of the parent Application object, and so may be re-used when a new application is started.

Timeout Read/write. Integer. Defines the timeout period in minutes for this Session object. If the user does not refresh or request a page within timeout period, the session ends. Can be changed in individual page as required. The default is 10 minutes, and shorter timeouts may be preferred on a high-usage site.

Bina Nusantara

The ASP Session Object• Session Object’s Methods

Note that you cannot remove variables from the Session.StaticObjects collection at run-time

Method Description

Contents.Remove (“variable_name”) Removes a named variable from the Session.Contents collection.

Contents.Removeall ( ) Removes all variables from the Session.Contents collection.

Abandon ( ) Ends the current user session and destroys the current Session object once execution of this page is complete. You can still access the current session’s variables in this page, even after calling the Abandon method. However the next ASP page that is requested by this user will start a new session, and create a new Session object (if any exist).

Bina Nusantara


• Session Object’s Events

Event Description

onStart Occurs when the ASP user session starts, before the page that the user requests is executed. Used to initialize variables, create objects, or run other code.

onEnd Occurs when the ASP user session ends. This happends when the predetermined session timeout period has elapsed since that user’s last page request from the application. All variables existing in the session are destroyed when it ends. It is also possible to end ASP user sessions explicitly in code using the Abandon method, and this event occurs when that happens.

Bina Nusantara

Using Application and Session Events• ASP raises event each time an application or session starts or ends.

• We can detect and react by writing normal script code in a special file – global.asa – located in the root directory of an application.

• This file can also contain one or more HTML <OBJECT> elements, used to create component instances that will be used within that application or user’s sessions.

The following code is an example global.asa file.

Bina Nusantara

1. 2. <OBJECT ID="ASPCounter" RUNAT="Server" SCOPE="Application“ PROGID="MSWC.Counters">3. </OBJECT>

4. 5. <OBJECT ID="ASPContentLink" RUNAT="Server" SCOPE=“Session“ PROGID="MSWC.NextLink">6. </OBJECT>

7. <SCRIPT LANGUAGE="VBScript" RUNAT="Server">

8. Sub Application_onStart()9. 'create an instance of an ADO Recordset with application-level scope10. Set Application("ADOConnection") = Server.CreateObject ("ADODB.Connection")11. Dim varArray(3) 'create a Variant array and fill it12. varArray(0) = "This is a"13. varArray(1) = "Variant array"14. varArray(2) = "stored in the"15. varArray(3) = "Application object"16. Application("Variant_Array") = varArray 'store it in the Application17. Application("Start_Time") = CStr(Now) 'store the date/time as a string18. Application("Visit_Count") = 0 'set counter variable to zero19. End Sub

20. Sub Application_onEnd()21. Set Application("ADOConnection") = Nothing22. End Sub

Bina Nusantara

23. Sub Session_onStart()24. 'Create an instance of the Adrotator component with session-level scope25. Set Session("ASPAdRotator") = Server.CreateObject("MSWC.AdRotator")26. Dim varArray(3) 'create a Variant array and fill it27. varArray(0) = "This is a"28. varArray(1) = "Variant array"29. varArray(2) = "stored in the"30. varArray(3) = "Session object"31. Session("Variant_Array") = varArray 'store it in the Session32. Session("Start_Time") = CStr(Now) 'store the date/time as a string33. 34. 'We can access the contents of the Request and Response in a Session_onStart35. 'event handler for the page that initiated the session. This is the *only*36. 'place that the ASP page context is available like this.37. 'as an example, we can get the IP address of the user:38. Session("Your_IP_Address") = Request.ServerVariables("REMOTE_ADDR")39. 40. Application.Lock 'prevent concurrent updates41. intVisits = Application("Visit_Count") + 1 'increment counter variable42. Application("Visit_Count") = intVisits 'store back in Applcation43. Application.Unlock 'Release lock on Application44. End Sub

45. Sub Session_onEnd()46. Set Session("ASPAdRotator") = Nothing47. End Sub

48. </SCRIPT>

Bina Nusantara

Using Application and Session Events

• Reading and Storing Values– To set the values :

Application(“variable_name”) = variable_valueApplication(“variable_name”) = variant_array_variable_nameSet Application(“variable_name”) = object_reference

– To retrieve the values:variable_value = Application(“variable_name”)variant_array_variable_name = Application(“variable_name”) Set object_reference = Application(“variable_name”)

Bina Nusantara

The ASP Processing Directive

Directive Keyword Description

LANGUAGE=“language_name” Sets the default scripting language for the page. For example <%@LANGUAGE=“VBScript” %>

ENABLESESSIONSTATE = “True” | “False”

When set to “True” prevents a session cookie from being sent to the browser, and so no new Session object will be created and any existing session content will not be available.

CODEPAGE=“code_page” Sets the code page for the page. For example, <%@CODEPAGE=“1252”%>

LCID=“locale_identifier” Sets the locale identifier for the page. For example, <%@LCID=“2057”%>

Bina Nusantara

The ASP Processing DirectiveDirective Keyword Description

TRANSACTION = “transaction_type”

Specifies that the page file will run under a transaction context. Legal issues are :“Required” : the script wil run within an existing transaction if one is available, or start a new transaction if not.

“Requires_New” : the script will always initiate a new transaction.

“Supported” : the script will run within an existing transaction if one is available, but will not start a new transaction.

“Not_Supported” : the script will not run within any existing transaction, and will not initiate a new transaction

We can include more than one in our processing directive – they must be separated by a space, with no spaces around the equals sign, for example :

<%@LANGUAGE=“VBScript” CODEPAGE=“1252” LCID=“2057” %> <%@LANGUAGE=“VBScript” CODEPAGE=“1252” LCID=“2057” %>

Bina Nusantara

1. <HTML>2. <BODY>3. <%4. Response.Write "<H2> The ASP Application Object</H2>5. Response.Write "<STRONG>The Application.Contents Collection</STRONG><BR>"6. For Each objItem in Application.Contents7. If IsObject(Application.Contents(objItem)) Then8. Response.Write "Object Reference: '" & objItem & "'<BR>"9. ElseIf IsArray(Application.Contents(objItem)) Then10. Response.Write "Array: '" & objItem & "' contents are :<BR>"11. varArray = Application.Contents(objItem)12. For intLoop = 0 To Ubound(varArray)13. Response.Write " Index(" & intLoop & ") = " & varArray(intLoop) & "<BR>"14. Next15. Else16. Response.Write "Variable: '" & objItem & "' = " & Application.Contents(objItem) & "<BR>"17. End If18. Next19. Response.Write "<BR><STRONG>The Application.StaticObjects Collection</STRONG><BR>"20. For Each objItem in Application.StaticObjects21. If IsObject(Application.StaticObjects(objItem)) Then22. Response.Write "<OBJECT> element: ID='" & objItem & "'<BR>“23. End If24. Next25. %>

The ASP Application Object In Action

Bina Nusantara

21. <H2>Add a value to the Application Object</H2>22. <FORM ACTION="<%=Request.ServerVariables("SCRIPT_NAME") %>" METHOD="POST">23. <INPUT TYPE="SUBMIT" NAME="cmdAdd" VALUE=" ">24. Application("25. <INPUT TYPE="TEXT" NAME="txtVarName" VALUE="">26. ")="27. <INPUT TYPE="TEXT" NAME="txtVarValue" VALUE="">28. "29. <BR>30. <H2> Remove a value from the Application Object</H2>31. <INPUT TYPE="SUBMIT" NAME="cmdRemove" VALUE=" ">32. Application.Contents.Remove("33. <SELECT NAME="lstRemove" Size = "1">34. <%35. For Each objItem in Application.Contents36. Response.Write "<OPTION> " & objItem & "</OPTION>"37. Next38. %>39. </SELECT>40. ")41. <BR>42. <INPUT TYPE="SUBMIT" NAME="cmdRemoveAll" VALUE=" ">43. Application.Contents.RemoveAll44. </FORM>


Bina Nusantara

45. <%46. If Len(Request.Form("cmdAdd")) Then47. strVarName = Request("txtVarName")48. strVarValue = Request("txtVarValue")49. Application.Lock50. Application(strVarname) = strVarValue51. Application.Unlock52. End If

53. If Len(Request.Form("cmdRemove")) Then54. strToRemove = Request.Form("lstRemove")55. Application.Lock56. Application.Contents.Remove(strToRemove)57. Application.Unlock58. End If

59. If Len(Request.Form("cmdRemoveAll")) Then60. Application.Lock61. Application.Contents.RemoveAll62. Application.Unlock63. End If64. %>65. </BODY>66. </HTML>


Bina Nusantara


Bina Nusantara

The ASP Session Object In Action1. <HTML>2. <HEAD> <TITLE>The Session Object</TITLE> </HEAD>3. <BODY>4. <%5. Response.Write "<H2>The ASP Session Object</H2><STRONG>The Session.Contents

Collection</STRONG><BR>"6. For Each objItem in Session.Contents7. If IsObject(Session.Contents(objItem)) Then8. Response.Write "Object Reference: '" & objItem & "'<BR>"9. ElseIf IsArray(Session.Contents(objItem)) Then10. Response.Write "Array: '" & objItem & "' contents are :<BR>"11. varArray = Session.Contents(objItem)12. For intLoop = 0 To Ubound(varArray)13. Response.Write " Index(" & intLoop & ") = " & varArray(intLoop) & "<BR>"14. Next15. Else16. Response.Write "Variable: '" & objItem & "' = " & Session.Contents(objItem) & "<BR>"17. End If18. Next19. Response.Write "<BR><STRONG>The Session.StaticObjects Collection</STRONG><BR>"20. For Each objItem in Session.StaticObjects21. If IsObject(Session.StaticObjects(objItem)) Then22. Response.Write "<OBJECT> element: ID='" & objItem & "'<BR>"23. End If24. Next25. Response.Write "<BR><STRONG>Property Values</STRONG><BR>"26. Response.Write "Session.CodePage = " & Session.CodePage27. Response.Write "; Session.LCID = " & Session.LCID28. Response.Write "; Session.SessionID = " & Session.SessionID29. Response.Write "; Session.TimeOut = " & Session.TimeOut30. %>

Bina Nusantara

The ASP Session Object In Action

31. <FORM ACTION="<%=Request.ServerVariables("SCRIPT_NAME") %>" METHOD="POST">32. <H4>Add a value to the Session Object</H4>33. <INPUT TYPE="SUBMIT" NAME="cmdAdd" VALUE=" ">34. Session("35. <INPUT TYPE="TEXT" NAME="txtVarName" VALUE="">36. ")="37. <INPUT TYPE="TEXT" NAME="txtVarValue" VALUE="">38. "39. <BR><H4> Remove a value from the Session Object</H4>40. <INPUT TYPE="SUBMIT" NAME="cmdRemove" VALUE=" ">41. Session.Contents.Remove("42. <SELECT NAME="lstRemove" Size = "1">43. <%44. For Each objItem in Session.Contents45. Response.Write "<OPTION> " & objItem & "</OPTION>"46. Next47. %>48. </SELECT>49. ")50. <BR><INPUT TYPE="SUBMIT" NAME="cmdRemoveAll" VALUE=" ">51. Session.Contents.RemoveAll52. <BR><H4>Terminating This Session</H4>53. <INPUT TYPE="SUBMIT" NAME="cmdAbandon" VALUE=" ">54. Session.Abandon55. </FORM>

Bina Nusantara

The ASP Session Object In Action55. <%56. If Len(Request.Form("cmdAdd")) Then57. strVarName = Request("txtVarName")58. strVarValue = Request("txtVarValue")59. Session(strVarname) = strVarValue60. End If

61. If Len(Request.Form("cmdRemove")) Then62. strToRemove = Request.Form("lstRemove")63. Session.Contents.Remove(strToRemove)64. End If

65. If Len(Request.Form("cmdRemoveAll")) Then66. Session.Contents.RemoveAll67. End If

68. If Len(Request.Form("cmdAbandon")) Then69. Response.Clear70. Response.Redirect "abandon.asp“71. Response.End72. End If73. %>74. </BODY>75. </HTML>

Bina Nusantara


Bina Nusantara


1. <HTML>2. <HEAD>3. <TITLE>Terminated Session</TITLE>4. </HEAD>

5. <BODY>6. <% Session.Abandon %>

7. <FORM ACTION="<%=Request.ServerVariables("HTTP_REFERER") %>" METHOD="POST">8. <P><DIV Style = "Background-color:#FFCCFF; text-align:center">Your Session Has Been Terminated</DIV>

9. <P>A new <STRONG>Session</STRONG> will be started when you load another<BR>10. ASP Page. It will contain any values that are defined in<BR>11. the <STRONG>global.asa</STRONG> file for this application.

12. <P><INPUT TYPE="SUBMIT" NAME="cmdOk" VALUE=" ">13. Return to the previous page<P>

14. </BODY>15. </HTML>

abandon.asp

Bina Nusantara


Bina Nusantara

Cookies

• Small chunks of text that are stored on the client’s system by their browser.

• Sent to the server with every request for a page from the domain to which they apply.

• Request.Cookies collection is read-only.• Response.Cookies collection is write-only.• Contain information in two ways:

– single value– multiple-values

Bina Nusantara

Cookies• Creating a single value cookie

Response.Cookies(“item-name”) = “item-value”

• Creating a cookie contain multiple valuesResponse.Cookies(“item-name”)(“sub-item-name”) = “sub-item-value”

• To set the domain and path to which a cookie applies, and it’s expiry date :Response.Cookies(“item-name”).domain = “domain-url”Response.Cookies(“item-name”).path = “virtual-path”Response.Cookies(“item-name”).expires = #date#

If the Expires property is not set, the cookie will be destroyed when user closes the current browser instance.

• To read the values of existing cookies:strSingleValue = Request.Cookies(“item-name”)strSubItemValue = Request.Cookies (“item-name”)(“sub-item-name”)

Bina Nusantara

Storing a User’s Details in Cookies

1. <HTML>2. <HEAD>3. <TITLE>Cookie Test - Login</TITLE>4. </HEAD>5. <BODY>

6. Please enter your e-mail address and password to login to the system.7. <FORM ACTION = "CheckLogin.asp" METHOD="POST" >8. E-Mail Address: <INPUT TYPE = "Text" NAME = "Email" SIZE = "40"><BR>9. Password: <INPUT TYPE = "Password" NAME = "Password" SIZE = "10"><P>10. <INPUT TYPE = "Checkbox" NAME = "SaveLogin"> Save Login as a Cookie?<P>11. <INPUT TYPE = "Submit" VALUE = "Login"> 12. <INPUT TYPE = "RESET">13. </FORM>

14. </BODY>15. </HTML>

Bina Nusantara


Bina Nusantara


1. <%2. Dim bLoginSaved3. If Request.Form("SaveLogin") = "on" Then4. Response.Cookies("SavedLogin")("EMail") = Request.Form("email")5. Response.Cookies("SavedLogin")("pw") = Request.Form("password")6. Response.Cookies("SavedLogin").Expires = Date + 307. bLoginSaved = True8. Else9. bLoginSaved = False10. End If11. %>12. <HTML>13. <HEAD>14. <TITLE>Cookie Test - Check Login</TITLE>15. </HEAD>16. <BODY>17. <%18. If bLoginSaved Then19. Response.Write "Saving Login information to a cookie<HR>"20. End If21. %>22. Thank you for logging into the system.<P>23. E-Mail address confirmation: <%= Request.Form("email")%>24. </BODY>25. </HTML>

CheckLogin.asp

Bina Nusantara


Web-based Programming Lanjut Pertemuan 2 Matakuliah: M0492 / Web-based Programming Lanjut Tahun:...

Documents

Transcript of Web-based Programming Lanjut Pertemuan 2 Matakuliah: M0492 / Web-based Programming Lanjut Tahun:...