0 оценок0% нашли этот документ полезным (0 голосов)
70 просмотров27 страниц
The document discusses maintaining state in ASP.NET web applications. It describes how web requests are stateless by default and how ASP.NET provides various methods like View States, Sessions, and cookies to maintain state across page requests. It specifically focuses on the Application and Session objects that allow storing and retrieving data across pages to maintain state. It provides examples of using these objects, such as for storing user login information in a session to restrict access to certain pages.
The document discusses maintaining state in ASP.NET web applications. It describes how web requests are stateless by default and how ASP.NET provides various methods like View States, Sessions, and cookies to maintain state across page requests. It specifically focuses on the Application and Session objects that allow storing and retrieving data across pages to maintain state. It provides examples of using these objects, such as for storing user login information in a session to restrict access to certain pages.
The document discusses maintaining state in ASP.NET web applications. It describes how web requests are stateless by default and how ASP.NET provides various methods like View States, Sessions, and cookies to maintain state across page requests. It specifically focuses on the Application and Session objects that allow storing and retrieving data across pages to maintain state. It provides examples of using these objects, such as for storing user login information in a session to restrict access to certain pages.
One of the difficulties of Web programming is that it takes place
in a stateless environment. That is, information that is generated on one page is not normally accessible by any other page. When navigating from one page to the next, all knowledge of the previous page is lost. Neither the browser nor the server retains any information associated with the previous page. Each page access occurs as if it were the first time it has ever happened. Since the processing "states" of Web pages are not normally maintained between page navigations, it introduces difficulties in coordinating processing work between pages; thus, the introduction in ASP.NET of View States, Sessions, and other methods to "maintain state" between pages. Some Solutions
This problem of sharing information between pages
of a Web site has been attacked in several ways in the past. Browser cookies are one way of saving information from one page to make it accessible by another page. Small amounts of data can be written from a page to a cookie file on the local computer and then retrieved from that same computer by a different page. However, cookies are limited in the amount of information that can be saved to the browser for later retrieval. …also, some clients may disable cookies on their machines.. Form Submission
In a similar way, Web forms have been used
to collect information on one page to pass along to a second page, often through "hidden" fields of data and control information. Although form submission is the primary technique for gathering user data for processing, it involves extra, and often times unnecessary, coding overhead to simply maintain state between pages ASP.Net however, uses form control as a mechanism for data transfer between pages Scene set! Scene set2 Session Variables
Our goal is to create a variable that you can
use throughout your site, passing it from one page to the next In order to achieve this ASP.Net has a number of built-in objects Request and Response being prime examples of these. Two other objects that all ASP scripts have access to are Application and Session, and it is these special objects that let us store data that will be accessible by all ASP.Net scripts in the current Web application. The Application Object
Whereas every page request gets its own Request
and Response objects, all requests for ASP.Net pages in a Web application share the same Application object. This object is created the first time an ASP page is requested from the application after the Web server starts up, and is destroyed when the Web server shuts down, or when the Web application is unloaded manually in the IIS management console. Because this object persists from one page request to another, it can be used to store data that you want to share with all other pages in your application. To store a value in the application object, simply use the following syntax: Application("varName") = value Accessing Application variables You can then access that stored value as you would a regular variable, except as Application("varName"). A simple use of the Application object would be for a hit counter. You could record the number of hits your Website has received as Application("hits"), and increment that value with each page request. Here's the basic code involved: <html> <head> <title> Simple counter </title> </head> <body> <p>Page requests: <% Application.Lock Application("hits") = Application("hits") + 1 Response.Write(Application("hits")) Application.unlock %> </p> </body> </html> Application Lock
The call to Application.Lock waits for any
other processes to finish accessing the Application object, before locking access to it. This forces other clients to wait until the call to Application.Unlock before they can read or write the stored values again. This effectively prevents the occurrence of mix-ups where 2 browsers laod this page at the same time The Session Object
The Session object is very similar to the
Application object, as it allows you to store values that are shared between all the pages of your site. The main difference between the two is that, where a single Application object is shared by all pages and all clients that access your site. However, for a Session object, each client (browser) is assigned its own Session object. Typical use of session variable
A typical use of the Session object is to store
a user's shopping cart on an online shopping site. Obviously it doesn't make sense for all your users to share a single shopping cart, so the fact that each user gets a Session object of his or her own fits the bill precisely. Also, it can be used to prevent unauthoruised access to a Web page?? ASP Sessions and Applications - The global.asax File
global.asax is a special file that you can
create in the root directory of your Web application. It specifies the actions to be taken in response to four events: Application start (Application_OnStart) Application end (Application_OnEnd) Session start (Session_OnStart) Session end (Session_OnEnd) The On_Start Methods
Application_OnStart can be used to set up
initial values for application variables, or perhaps to restore some saved information from the last time the Web server was run, by loading it from a file or database. Application_OnEnd, meanwhile, is generally used to clean up any open resources, and save information that will be needed the next time the Web application is started. Session_OnStart and Session_OnEnd perform similar functions for user sessions. A Typical Global.asax file A Quick demo
Suppose that you have the following site structure
Page1 – hit counter plus simple log-in ( just some name will do) Page 2 – Checks if the user entered a name or else user is re-directed to login page Login Page The Second (Restricted) Page Some Issues
Note that a user who has not entered a user
name cannot get into page 2 Also, if the URL for page 2 is typed directly into the browser, the user is immediately re- directed to the log-in page Creating Log-in Controls Manually
This can be an arduous task – that is why
membership controls are better However, it is nice to know how to do log-in controls manually First create a SQL Server table of user names and passwords Using the ASP.Net Page Template
Rearrange the site master so that the page
resembles…
The idea is that access to the private pages is
restricted…to do this is quite simple Write the code for the Page_Load event handler of the web page so that it will only load if it can find the value of a Session variable that you control The Page Load Event of the Private Page
The protection code for restricted web page is
quite simple …it goes something like..
The session variable is created in the
Global.asax file of the entire web application The Global File So now you would like to log-in!
The log-in page consists of 2 textboxes and a
button that triggers querying of the database to check if the username and password exists It basically does a search on the database and returns a single row of data if a username and password match is found If a match is found, you have to set the session variable’s value (which is currently nothing) to the username value returned from the textbox Once this Session is set, it will allow you entry into the Private Page The Login Page
A Sql DataSource is used to take the
username and password as parameters into the database The row that is returned is bound to a DetailsView If the Detailsview has more than zero rows, it mean that there is a username and password match …in which case the user is allowed to enter the Private Page The Main Action is on the Site Master To Use the Membership suite or not!
The Membership suite of controls
Allows you to forget about the harshness of maintaining state It presents you with an automatic updated view of the log-in status of the user It does however, create a problem when linking the user’s credentials to the business database If you go for the manual version, then You will have better control in terms of linking with the actual business However, there will be much more programming required …can get quite messy!