Session Management in ASP NET Session Tracking Personalization

Session Management in ASP. NET

Session Tracking Personalization makes it possible for e-businesses to communicate effectively with their customers. Online shopping sites often store personal information for customers, tailoring notifications and special offers to their interests. Privacy A trade-off exists, however, between personalized e-business service and protection of privacy. Some consumers fear the possible adverse consequences if the info they provide to e-businesses is released or collected by tracking technologies. 2

Session Tracking Recognizing Clients To provide personalized services to consumers, e-businesses must be able to recognize clients when they request information from a site. HTTP is a stateless protocol—it does not support persistent connections that would enable web servers to maintain state information between requests. Tracking individual clients, known as session tracking, can be achieved in a number of ways. Using cookies. Using ASP. NET’s Http. Session. State object. Using “hidden” form elements. Embedding session-tracking information directly in URLs. 3

Session Tracking - Cookies are pieces of data stored in a small text file on the user’s computer. A cookie maintains information about the client during and between browser sessions. Every HTTP-based interaction between a client and a server includes a header containing information about the request or response. When a web server receives a request, the header includes any cookies that have been stored on the client machine by that server. When the server formulates its response, the header contains any cookies the server wants to store on the client computer. 4

Session Tracking - Cookies The expiration date of a cookie determines how long the cookie remains on the client’s computer. If no expiration date is set, web browser maintains the cookie for the duration of the browsing session. Otherwise, the web browser maintains the cookie until the expiration date occurs. Cookies are deleted when they expire. Most browsers allow 20 cookies per server. The size of a cookie is not more than 4096 bytes or 4 KB. Portability Tip 5 Users may disable cookies in their web browsers to help ensure their privacy. Such users will experience difficulty using web applications that depend on cookies to maintain state information.

Example using Cookies Create Options. aspx file with: 1. A Label "Select a programming language: " 5 radio buttons with the values Visual Basic, Visual C#, C, C++, and Java. 3. A Submit button 4. A Hyperlink that navigates to "~/Options. aspx“ 5. A Hyperlink that navigates to "~/Recommendations. aspx“ 2.

Writing Cookies in a Code-Behind File • The code-behind file for Options. aspx. Outline Options. aspx. cs (1 of 3 ) For adding new entries, class Dictionary provides method Add, which takes a key and a value as arguments. 7 Figure. | Code-behind file that writes a cookie to the client. (Part 1 of 3. )

Outline Options. aspx. cs (2 of 3 ) For adding new entries, class Dictionary provides method Add, which takes a key and a value as arguments. Fig. | Code-behind file that writes a cookie to the client. (Part 2 of 3. ) 8

Outline Options. aspx. cs (3 of 3 ) Create an Http. Cookie object, passing a name and a value as arguments. Add the Http. Cookie to the Cookies collection sent as part of the HTTP response header. 9 Fig. | Code-behind file that writes a cookie to the client. (Part 3 of 3. )

Session Tracking This code writes a cookie to the client machine when the user selects a programming language. A Dictionary is a data structure that stores key/value pairs. For adding new entries, class Dictionary provides method Add, which takes a key and a value as arguments. The expression dictionary. Name[ key. Name ] returns the value corresponding to key. Name. Create an Http. Cookie object, passing a name and a value as arguments. Add the Http. Cookie to the Cookies collection sent as part of the HTTP response header. 10

Example using Cookies � Create Recommendations. aspx file with: 1. Add a Label “Recommendations“ Add a Listbox 3. Add a Hyperlink that goes back to Options. aspx. 2.

Outline Code-Behind File That Creates Book Recommendations From Cookies Recommendations. aspx. cs (1 of 2 ) Retrieve the cookies from the client using the Request object’s Cookies property. 12 Fig. | Reading cookies from a client to determine book recommendations. (Part 1 of 2. )

Outline Recommendations. aspx. cs (2 of 2 ) Use the Name and Value properties of an Http. Cookie to access its data. Fig. 13 | Reading cookies from a client to determine book recommendations. (Part 2 of 2. )

Session Tracking Retrieve the cookies from the client using the Request object’s Cookies property. This returns an Http. Cookie. Collection containing cookies that were previously written to the client. Cookies can be read by an application only if they were created in the domain in which the application is running. Use the Name and Value properties of an Http. Cookie to access its data. 14

Session Tracking Some commonly used Http. Cookie properties: 15 Fig. | Http. Cookie properties. (Part 1 of 2. )

Session Tracking 16 Fig. | Http. Cookie properties. (Part 2 of 2. )

Session What is a session? Context in which a user communicates with a server over multiple HTTP requests Within the scope of an ASP. NET Application HTTP is a stateless, sessionless protocol ASP. NET adds the concept of “session” Session identifier: 120 bit ASCII string Session variables: store data across multiple requests

Example for Session Let’s modify the Cookies example to use Session Use Http. Session. State instead of Cookies

Outline a) b) Options. aspx c) 19 d)

Session Tracking We keep the Enable. Session. State property’s default setting—True. Every Web Form includes an Http. Session. State object, which is accessible through property Session of class Page. When the web page is requested, an Http. Session. State object is created and assigned to the Page’s Session property. A distinct Http. Session. State resides on the server, whereas a cookie is stored on the user’s client. Like a cookie, an Http. Session. State object can store name/value pairs. The name/value pairs stored in a Session object are often referred to as session items. 20

Adding Session Items Outline Options. aspx. cs (1 of 3 ) 21 Fig. | Creates a session item for each programming language selected by the user on the ASPX page. (Part 1 of 3. )

Outline Options. aspx. cs (2 of 3 ) Fig. | Creates a session item for each programming language selected by the user on the ASPX page. (Part 2 of 3. ) 22

Outline Options. aspx. cs (3 of 3 ) Call Add to place a session item in the Http. Session. State object. Property Session. ID contains the unique session ID, which identifies each unique client. 23 Fig. | Creates a session item for each programming language selected by the user on the ASPX page. (Part 3 of 3. ) Property Timeout specifies the amount of time that an Http. Session. State object can be inactive before it is discarded.

Session Tracking Call Add to place a session item in the Http. Session. State object. If you add an attribute that has the same name as an attribute previously stored in a session, the object associated with that attribute is replaced. Another common syntax for placing a session item in the Http. Session. State object is Session[ name ] = value. 24

Session Tracking Property Session. ID contains the unique session ID, which identifies each unique client. Property Timeout specifies the amount of time that an Http. Session. State object can be inactive before it is discarded. By default, a session times out after twenty minutes. 25

Session Identifier By default, session id is stored in a cookie Can optionally track session id in URL Requires no code changes to app All relative links continue to work <configuration> <sessionstate cookieless=“true”/> </configuration>

Session Tracking Some common Http. Session. State properties: 27

Code-Behind File That Creates Book Recommendations from a Session Outline Recommendations. aspx. cs (1 of 2 ) Use the Session object’s Count property to determine if the user has selected any languages. 28 Fig. | Session data used to provide book recommendations to the user. (Part 1 of 2. ) The Keys property of class Http. Session. Sta te returns a collection containing all the keys in the session.

Outline Recommendations. aspx. cs (2 of 2 ) The value in a key/value pair is retrieved from the Session object by indexing the Session object with the key name. Fig. | Session data used to provide book recommendations to the user. (Part 2 of 2. ) 29

Session Tracking The Keys property of class Http. Session. State returns a collection containing all the keys in the session. The value in a key/value pair is retrieved from the Session object by indexing the Session object with the key name. 30

Session Variables ASP stores session state in IIS process State is lost if IIS crashes Can’t use session state across machines ASP. NET stores session state: In another process: ASP State NT service In SQL Server database

Session Variables “Live” objects are not stored in session state Instead, ASP. NET serializes objects out between requests ASP. NET approach provides: Ability to recover from application crashes Ability to recover from IIS crash/restart Can partition an application across multiple processes (called a Web Garden) Can partition an application across multiple machines (called a Web Farm)