Lesson 3	ASP's Session object
Objective	Describe how the Session object maintains user information.

ASP's Session Object

The Session object in ASP allows data related to a specific user to be stored in memory on the server for the duration of that user's session. In practical terms, this means that any Web page on the Web site can read, update, and store user information, making it available to any other Web page on the site as the user navigates from page to page setting preferences and making selections. An individual user's Session object, an array that can grow as more data is stored for that user, is created by ASP when a user first contacts the website. The user is associated with a particular set of session data through an ASP-generated Session ID, sent as a cookie to the user's browser. Unlike the browser cookies discussed in a previous module, this session cookie is a temporary one: it does not have an expiration date and time, and it does not store any data fields, just the Session ID. When the user closes his or her Web browser, session cookies are not saved.

Summary of the Session object in Classic ASP:

Collections
Session.[collection\|property\|method]\|("variable")
Contents	All the Session variables (and their values) are stored in the Contents collection.
StaticObjects	All the objects created with the <OBJECT> tag, but not those created with the CreateObject() method of the Server object.
Properties
CodePage	The code page determines how character codes are mapped to display characters.
LCID	A standard identifier that determines which system-defined locale should be used.
SessionID	The Session ID for a particular user/session.
TimeOut	How long (in minutes) should ASP wait for activity before ending this session and clearing its session variables?
Events
Session_OnEnd	A procedure that runs when a session ends. The code for this procedure (if one is used) is stored in the Global.asa file.
Session_OnStart	A procedure that runs when a session begins. The code for this procedure is stored in the Global.asa file.
Methods
Abandon()	Terminate this session and everything (in particular, all the Session variables) that goes along with it. If the session times out, this happens automatically, but you can force it with the Abandon() method.

Session object: Stores persistant information for each user session.
Warning: Using the Session object requires that sessions be enabled for the application. Otherwise, an error will occur.
Warning: User sessions require the client to support and accept cookies in order to function properly. It is a good idea to configure your server to support P3P [ http://www.w3.org/P3P/] , in order to support newer browsers with more paranoid privacy settings.
Session.Abandon method: Closes the session, freeing up all associated resources.
Usage: Session.Abandon
Details: Always abandon the session once you know the user has finished with the application. Providing a link to a simple logoff page is one way to accomplish this.

<%
Session.Abandon
Response.Redirect "/" ' send user to the site's home page
%>

Example Logoff.asp

The following series of images illustrates the process of creating a Session ID

Establishing a Session ID using ASP

1) When a user connects to the site, the server accepts the connection.

2) The server sends this value in the form of a cookie to the user's browser.

3) Until the connection is abandoned or times out, the server will use that value to mark the user's requests so it can return the requested files to the right place.

4) When a new user connects to the server, the server again consults an internal value, increments it by one, and assigns that value to the new user's connection

User's Session ID

An ASP Session object and unique Session ID are created for each user. However, be aware that Session IDs are generated uniquely only as long as the Web server computer and software are running. If the computer is restarted, or if the Web service program (Personal Web Server or its equivalents) is stopped and started again, there may be duplication of Session IDs with ones generated earlier. It is possible to assign a Session ID to a user as a permanent User ID for your site. Because there is the chance that Session IDs may be duplicated upon a server reboot, you should not employ a Session ID as a permanent User Identification.

Using Session variables
Although the Session object has some useful attributes (such as TimeOut and SessionID), the real power of the Session object is in storing values throughout a session. Using Session variables is a powerful solution because you can store objects as well as simple strings or numbers. For example, you can use Session variables to store:
1. Database connections - Create a connection to a database (which can be a resource drain on a server) just once for a user, and use the same connection over and over again through a Session variable.
2. Items in an online shopping cart - A two-dimensional array holding multiple items (each with Product ID, quantity, and price) can be set up as a Session variable.
3. A background image - Each user could select from among several background images, and a Session variable could store the filename of the image to incorporate into the Web pages' HTML code.

The next lesson describes the Global.asa file.