Cookieless Session in ASP.NET

Cookieless session:

1) Providing the session ID to the client browser by appending it to the URL is called a "cookieless session".

2) The main advantage is that the session is maintained for the client irrespective of browser settings [whether the browser supports cookies or not].

3) This requires a setting within web.config.

 

Syntax: 

<sessionState cookieless="true/false"/>

 

true -> the session ID is given to the browser by appending it to the URL

false [default] -> the session ID is given to the browser in the form of an in-memory cookie; in this case the session is not maintained for the client if the browser does not support cookies

 

Example on cookieless session site:

Go to Visual Studio

Start -> Run -> devenv

It will display the main window of Visual Studio

File menu -> New -> Website -> Visual C# -> select ASP.NET Empty Website

Web location -> e:\aspnet\cookielesssessionsite [drive:\dir\websitename]

 

Visual Studio creates a folder with the website name; the website-related files will be placed in this folder

 

Add a webform

Go to the View menu and select Solution Explorer

Right-click on the website path and select Add New Item

Select Web Form

Give the name as default.aspx

 

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

 

<html xmlns="http://www.w3.org/1999/xhtml"> 

<head runat="server"> 

    <title></title> 

</head> 

<body> 

    <form id="form1" runat="server"> 

    <div> 

    </div> 

    </form> 

</body> 

</html>

 

Go to the design part

Storing creditcard

 

Reading credit card

 

 


 

using System; 

using System.Collections.Generic; 

using System.Linq; 

using System.Web; 

using System.Web.UI; 

using System.Web.UI.WebControls;

 

public partial class _Default : System.Web.UI.Page 

{ 

    protected void Page_Load(object sender, EventArgs e) 

    { 

    }

 

    protected void Button1_Click(object sender, EventArgs e) 

    { 

        Session["creditcard"] = "1234 1234 1234 1234"; 

    }

 

    protected void Button2_Click(object sender, EventArgs e) 

    { 

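        // Session["creditcard"] is null until Button1 has been clicked in this session

        object card = Session["creditcard"];

        Label1.Text = card == null ? "no credit card stored in session" : card.ToString() + " used for shopping payment";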

    } 

}

 

Go to Solution Explorer and select web.config

 

[place the sessionState tag below the system.web tag]

 

<configuration> 

    <system.web> 

      <sessionState cookieless="true"/> 

        <compilation debug="false" targetFramework="4.0" /> 

    </system.web> 

</configuration>

Set default.aspx as the start page

 [right-click on default.aspx and select Set As Start Page]

 

Press Ctrl+F5

 

Note: 

The problem with a cookieless session is the security threat: the session ID is part of the URL, so anyone who obtains the URL can use the session. It is not recommended when you want to store sensitive user data [such as a credit card number, bank PIN, ...]

 

Changing session timeout: 

The default session timeout is 20 minutes; this can be changed with a setting in web.config

 

Syntax:

<sessionState timeout="30"/>
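
An added example, not part of the original page: a web.config that puts the cookieless setting from the walkthrough next to a cookie-based configuration, together with the timeout attribute described above. The 15-minute timeout and the requireSSL setting (which assumes the site is served over HTTPS) are illustrative assumptions.

```xml
<configuration>
  <system.web>

    <!-- Weak (the setting used in the walkthrough): the session ID is carried
         in the URL, e.g. /(S(<session id>))/default.aspx, so it ends up in
         browser history, bookmarks, proxy and server logs, Referer headers
         and any link the user copies or shares.

    <sessionState cookieless="true" />
    -->

    <!-- Corrected: the session ID travels in a cookie only and never falls
         back to the URL. timeout is the idle timeout in minutes; a shorter
         value limits how long a leaked ID stays usable (15 is an assumed
         value, the default is 20). -->
    <sessionState cookieless="UseCookies" timeout="15" />

    <!-- Cookies are hidden from client script and sent over HTTPS only.
         requireSSL="true" assumes the whole site is served over HTTPS. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <compilation debug="false" targetFramework="4.0" />

  </system.web>
</configuration>
```

With this configuration a browser that rejects cookies gets a new session on every request instead of a session ID in the URL.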

 

Conclusion on session-level state management

If it is a small amount of data without security constraints, then go with cookies; otherwise go with session

The main problem with session is the memory burden on the web server [website]

 

Application object: 

A block of memory that the website allocates within the server system, common to all users of the website, is called the "application object"

The application object can be used to maintain information common to all users across different web pages of the website by storing it on the server system

 

Storing data into the application object

Application["varname"] = value;

 

-> the value is stored in the form of an object

-> the application object doesn't have a timeout; it is maintained as long as the website is running

-> an application object variable is shared by all the users connected to the website

 

Reading application object variable: 

Application["varname"] -> it returns the value in the form of an object; it should be type cast to the required type

 

Locking & unlocking application object: 

Each client request to the website is treated as a thread, and the website gives equal processor time to all the threads [clients]. In this case it is possible for more than one client [thread] to manipulate the same application object data at the same time, which leads to inconsistent results

 

-> the solution is locking the application object to a specific user request

 

Syntax:

Application.Lock();

// manipulate application object data

Application.UnLock();

 

Application object & session object events

1. Application start event:

This is executed when the website is started

2. Application end event:

This is executed when the website is stopped

3. Application error event:

This is executed when an unhandled exception occurs within the website; it can be used to notify the administrator of error information by email, or to store error information in a log file

4. Session start:

This is executed whenever a new session is created within the website

5. Session end:

This is executed whenever a session is closed within the website. These event handlers should be placed within the global application class file [i.e. global.asax]

 

A website supports only one global.asax file

 

Creating website to work with application object & global.asax

 

Go to Visual Studio

Start -> Run -> devenv

 

It will display the main window of Visual Studio

File menu -> New -> Website -> Visual C# -> select ASP.NET Empty Website

Web location -> e:\aspnet\applicationsite [drive:\dir\websitename]

Visual Studio creates a folder with the website name; the website-related files will be placed in this folder

 

Place a global.asax file into the website

Go to the View menu and select Solution Explorer

Right-click on the website path and select Add New Item

Select Global Application Class

Give the name as global.asax

 

<%@ Application Language="C#" %> 

<script runat="server">

 

    void Application_Start(object sender, EventArgs e)  

    { 

        // Code that runs on application startup 

        Application["nou"] = 0; 

    }

 

    void Application_End(object sender, EventArgs e)  

    { 

        //  Code that runs on application shutdown 

    }

 

    void Application_Error(object sender, EventArgs e)  

    { 

        // Code that runs when an unhandled error occurs 

    }

 

    void Session_Start(object sender, EventArgs e)  

    { 

        // Code that runs when a new session is started 

        Application.Lock(); 

        Application["nou"] = (int)Application["nou"] + 1; 

        Application.UnLock(); 

    }

 

    void Session_End(object sender, EventArgs e)  

    {

        Application.Lock(); 

        Application["nou"] = (int)Application["nou"] - 1; 

        Application.UnLock(); 

    }

 

</script>

 

Add a webform

Go to the View menu and select Solution Explorer

Right-click on the website path and select Add New Item

Select Web Form

Give the name as home.aspx

 

Go to the design part

Place a label control

Signout [hyperlink]

NavigateUrl - close.aspx

 

using System; 

using System.Collections.Generic; 

using System.Linq; 

using System.Web; 

using System.Web.UI; 

using System.Web.UI.WebControls;

 

public partial class home : System.Web.UI.Page 

{ 

    protected void Page_Load(object sender, EventArgs e) 

    { 

        Label1.Text = "number of users connected: " + Application["nou"].ToString(); 

    } 

}

 

Add a webform

Go to the View menu and select Solution Explorer

Right-click on the website path and select Add New Item

Select Web Form

Give the name as close.aspx

 

Go to the design part

Place a label control

 

using System; 

using System.Collections.Generic; 

using System.Linq; 

using System.Web; 

using System.Web.UI; 

using System.Web.UI.WebControls;

 

public partial class close : System.Web.UI.Page 

{ 

    protected void Page_Load(object sender, EventArgs e) 

    { 

        Session.Abandon(); 

        Label1.Text = "logged out successfully"; 

    } 

}

 

Set home.aspx as the start page

 [right-click on home.aspx and select Set As Start Page]

 

Press Ctrl+F5

 

Note: 

1) global.asax events are executed implicitly when a specific action takes place within the website

 [the action can be website execution, session creation, ...]

2) A session is closed in 2 ways:

   1. based on timeout

   2. by calling the Abandon method