How To Store State in Active Server Pages Applications (175167)


The information in this article applies to:

  • Microsoft Active Server Pages
This article was previously published under Q175167

SUMMARY

When you develop an Active Server Pages (ASP) Web application, a common way to customize the content is to store information about the user. There are several ways to store information in an ASP environment. This article lists the most common ways to store state, including sample code and the pros and cons of each option.

MORE INFORMATION

Session and Application Variables

How do they work?

The Session and Application variables are stored on the server. A SessionID, which is generated at the start of an ASP session, is an in-memory cookie that is stored on the client to identify the Session variables. As a result, the client must have cookies enabled in the browser for Session and Application variables to work.

Pros

  • This method is easy to implement.
  • You can store both simple variable types and objects (although storing objects is not recommended).
  • The values that are stored in Session and Application variables are hidden from the user.

Cons

  • This method requires clients to have cookies enabled in their Web browser.
  • This method cannot reliably be shared between frames in a frameset or across multiple browser instances.
  • This method stores information on the Web server. This decreases scalability in two ways: Session and Application variables use resources on the server, and they cannot be used on completely load balanced Web Farms.

Sample

Set the value of a Session variable: 
<%
   'Store information in a session variable.
   Session("myInformation") = "somevalue"
%>
Retrieve the value from the Session variable: 
<%
    'Retrieve the information stored in the session variable.
    myValue = Session("myInformation")
%>

Cookies

How do they work?

There are two types of cookies: in-memory cookies, and cookies that are stored to the client's disk. An in-memory cookie is one or more name-value pairs that are stored in the browser's memory until the browser is closed. A cookie that is stored to disk is a file on the client's computer that contains name-value pairs.

Cookies can be set and retrieved from both client-side and server-side code.

Pros

  • This method is easy to implement.
  • This method can be saved to disk for future use (disk-based cookie) by simply setting an expiration date on the cookie. This enables storage between browser sessions.

Cons

  • The client can manually modify cookies that are stored to disk.
  • This method requires clients to have cookies enabled in their Web browser.
  • Cookies cannot store objects.

Sample

Store information in a cookie: 
<%
   'Set a cookie value.
   Response.Cookies("myInformation") = "somevalue"
   'Expire the cookie to save it to disk. If this is omitted, the cookie
   'will be an in-memory cookie. In this case, the cookie is set to expire
   'in twenty days.
   Response.Cookies("myInformation").Expires = now() + 20
%>
Retrieve the value from a cookie: 
<%
    'Retrieve the information that is stored.
    myValue = Request.Cookies("myInformation")
%>

Hidden Form Fields

How do they work?

Every page needs a form with hidden form fields that contain the state information. Instead of linking and redirecting to pages, the form is submitted when a user browses to a different page.

Pros

  • This method does not require cookies.

Cons

  • It can be cumbersome to redirect and link to pages.
  • This method cannot store objects.

Sample

Store information in hidden fields: 
<HTML>
<HEAD>
<SCRIPT LANGUAGE=javascript>
  //Function that is used to submit the links:
  function browseToUrl(url){
    form1.action=url;
    form1.submit();
  }
</SCRIPT>
</HEAD>
<BODY>

<%
  dim myInformation
  myInformation = "somevalue"  
%>

<!-- This stores the value that is set above in the hidden form field. -->
<FORM id="form1" name="form1" action="" method="post">
<INPUT type="hidden" id="myInformation" name="myInformation" value="<%= myInformation%>">  

<!-- Navigation sample that uses this technique. -->
<INPUT type="button" value="p3.asp" id=button1 name=button1 onclick='goToUrl("p3.asp");'>
</FORM>
</BODY>
</HTML>
Retrieve the value from the hidden form field: 
<%
    'Retrieving the information that is stored.
    myValue = Request.Form("myInformation")
%>

QueryString

How does it work?

When you use the QueryString collection, the variables are stored in the URL as a name-value pair. For example: 
http://servername/page.asp?var1=value1&var2=value2&var3=value3
NOTE: Name-value pairs are separated by an ampersand (&).

Pros

  • If the client bookmarks the page, the state will persist.

Cons

  • The full URL can only be 2083 bytes.
  • This method cannot store objects.
  • The URL is very long and hard to read.

Sample

Store information in the QueryString: 
<HTML>
<HEAD></HEAD>
<BODY>
<%
   'Function that assembles the QueryString:
   function AddToQueryString(qs, name, value)
     
     if qs="" then
       qs = name & "=" & value
     else
       qs = qs & "&" & name & "=" & value
     end if
     
     addToQueryString = qs
   end function

   dim querystring

   'Store the first value.
   querystring = AddToQueryString(querystring, "firstvar", "firstvalue")
   'Store the second value.
   querystring = AddToQueryString(querystring, "secondvar", "secondvalue")
%>

<a href="urlreceive.asp?<%=querystring%>">urlreceive.asp</a>
</BODY>
</HTML>
Retrieve the values from the QueryString: 
<%
    'Retrieve the information stored.
    myFirstValue = Request.QueryString("firstvar")
    mySecondValue = Request.QueryString("secondvar")
%>

File and Database

How do they work?

You can implement this technique in many different ways. The following steps illustrate one way to implement the file and database storing of state:
  1. Generate an ID when the user first logs on or browses to a page within your application.
  2. Use any of the techniques in this article to store the ID.
  3. To store the values in a file, use the ID as the file name. To store the values in a database, use a combination of the ID and the name-value pair to identify the record.
  4. Optionally store a timestamp with the name-value pair in the database. For files, you can use the timestamp from the last revision.
  5. Write a service to perform cleanup (delete records and files) at certain intervals (for example, every 20 minutes or every night, based on how many users access the site). The service can use the timestamp to determine whether a record has expired.

Pros

  • The values are completely hidden from the user.
  • If you use a file share or a database, this can be used to simulate session variables on a Web Farm.
  • It does not require cookies.

Cons

  • It stores data on the server side.
  • It can be cumbersome to implement.
  • This method can be slow because database and file access is required to store and retrieve the values.

REFERENCES

For more information, see the following articles on the Microsoft Developer Network (MSDN):

Session Object
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iisref/htm/ref_vbom_seso.asp

Application Object
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iisref/htm/ref_vbom_apo.asp

Cookies
Response.Cookies Collection
Request.Cookies Collection

QueryString
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iisref/htm/ref_vbom_reqocqs.asp

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

244465 How To Disable ASP Session State in Active Server Pages

178037 PRB: Session Variables Lost When ASP is Located in Frameset

For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:

http://support.microsoft.com/search/default.aspx?qu=vinterdev

Modification Type:MajorLast Reviewed:5/2/2006
Keywords:kbASPObj kbCodeSnippet kbhowto kbScript KB175167
©2004 Microsoft Corporation. All rights reserved.