8.4.3- Session Object Methods

Session Object Methods

The Session object has just one method, although the Contents collection also now boasts Remove and RemoveAll methods.

The Abandon Method

The Abandon method destroys all the objects stored in a Session object and releases the server resources they were occupying. If you do not call the Abandon method in a script, the server destroys the session objects when the session times out.

To call this method, you would use:

<% Session.Abandon %>

If you know that when a user finishes browsing a certain page they don't need any more session variables, you can call the Abandon method to release server memory resources associated with that session. Bear in mind that if you set certain useful session variable values, like UserName, all the values will be lost. On the other hand, if you are programming web games, which use server memory resources heavily, you might be better off explicitly ending the session and having the user visit the start page for another game.

A quirk of the abandon method is that it will not clear the session variables until the current page has been fully processed. If you have a page that displays the session variables, after the abandon method is called you will be still able to see the session variables.

One use of the Abandon method is during development when testing Session variables. If you create a page named abandon.asp, as described below, you can call a page when needed.

<%

  Session.Abandon

  Response.Redirect "default.asp"

%>

In this page, we first call the Abandon method of the Session object. This releases all of the session-level variables. Next, the Redirect method of the Response object is used to send the browser to the starting page of the application, creating a new session. In this example, that page is named default.asp.

The Session.Contents Collection's methods

Like the Application object, the Contents collection of the Session object has a further two methods:

• Remove
• RemoveAll

Remove Method

Removes an item from the Contents collection. Consider, for example, the following:

Session("FirstVariable") = "Fish"

Session("SecondVariable") = "Carrots"

Session.Contents.Remove("FirstVariable")

This would create two Session objects and then remove only the first.

RemoveAll Method

Removes all items from the Contents collection. So, for example, look at the following code:

Session("FirstVariable") = "Fish"

Session("SecondVariable") = "Carrots

Session.Contents.RemoveAll

This creates two Session objects and then removes from both the collection, along with any other Session objects that might have been created prior to this.

Now we'll look at example of making variables persist across different ASP pages.

In this example, we will see how the Session object can be used to pass information from page to page within a particular user session. A good rule of thumb to remember is that session-level variables work by passing information between the pages of a single user's session. Application-level variables are used to store information that can be retrieved at any time by any user accessing the system.

1.    Create a new file, and key in the following:

<HTML>

<HEAD>

<TITLE>Session Variable test</TITLE>

</HEAD>

<BODY>

<%

  Dim tAccessTime

  tAccessTime = Session("LastAccessTime")

  If tAccessTime = "" Then

    Response.Write ("This is the first time this page has been accessed!<P>")

  Else

    Response.Write ("This page was last accessed at " & tAccessTime & "<P>")

  End If

%>

<HR>Writing current access time to the Session object<BR><BR>

<% Session("LastAccessTime") = Now %>

<A href="sessVarTest.asp">Click here</A> to refresh the page.<BR><BR>

<A href="abandon.asp?dest=sessVarTest.asp">Click here</A> to abandon the session.<BR><BR>

</BODY>

</HTML>

2.    Save the file as sessVarTest.asp in your BegASP directory.

3.    Create another new file, and enter the following:

<%

Session.Abandon

Response.Redirect Request("dest")

%>

4.    Save the file as abandon.asp in your BegASP directory.

5.    View the file sessVarTest.asp in your web browser.

6.    To create a new session click on Refresh and view the page again.

In Windows 2000 with ASP 3.0, all browsers (including Navigator etc) on the same machine now have the same session, the only way to create a new session is by refreshing the page. This wasn't the case previously with ASP 2.0, where if you opened new instances of the browser(not just a new window, using File/New/Window) by starting Internet Explorer from either a desktop shortcut or from the start menu, you would create a new session.

How It Works

In this example, we are using a session-level variable to store the date and time that this page was last accessed. If there is a value present, then it will be displayed for the user. If there is no value present, then the user will be shown a message telling them this.

<%

  Dim tAccessTime

  tAccessTime = Session("LastAccessTime")

This first thing that we will need to do when processing this page is to retrieve the value stored in the session-level variable. We will be storing it in a local variable, which we can use throughout this page. This is very efficient way of working with session-level variables. It's important to remember that since the act of retrieving the session-level variable tends to consume a good deal of processor time, it is better to store the data locally, and then work with the local variable.

  If tAccessTime = "" Then

    Response.Write ("This is the first time this page has been accessed!<P>")

  Else

    Response.Write ("This page was last accessed at "  & tAccessTime & "<P>")

  End If

Next, we check to see if there is a value in the variable that we just retrieved. If no value has been set, then the variable will be empty. This will be the case if the session has not been created before, if the session timed out, or if this is the first time a user has been to this page. This may seem a bit strange to some people who are familiar with other languages in which a variable must have a value before it can be accessed. But in ASP, you can check to see if a session-level variable exists simply by trying to access it. If the variable does not exist, then nothing will be returned. If there is a value there, then we will display it.

<HR>Writing current access time to the Session object<P>

<% Session("LastAccessTime") = Now %>

We will then update the value of the session-level variable called LastAccessTime with the current date and time. Notice the difference between interacting with a session-level variable, and an application-level variable. Since the session is only for one user, there are no Lock and UnLock methods for the Session object as there are for the Application object. To set a value in a session-level variable, nothing special has to be done beforehand.

<A href="sessVarTest.asp">Click here</A> to refresh the page.

<A href="abandon.asp?dest=sessVarTest.asp">Click here</A> to abandon the session.<P>

We then provide two hyperlinks to allow the user to navigate from this page. The first hyperlink will reload the current page. This will cause the value that was just stored in the session-level variable to be displayed, and a new time stored there. The second hyperlink will call the abandon.asp file, which will abandon the current session. The abandon.asp file needs to know where to send the browser once the session has been abandoned, and this page name is passed as the dest query string variable.

<%

  Session.Abandon

  Response.Redirect Request("dest")

%>

The abandon.asp file will perform two functions. First, it will explicitly end the current session by calling the Abandon method. This will free any session-level variables and reset their values. Next, the script will redirect the browser to the page that the user supplied. Notice that we have used the shortcut to retrieving the value of a query string variable, whereby we don't tell ASP which collection the information resides in. ASP will search each of the collections looking for the supplied key. When and if it finds it, it will return the value to the script. This is fine as long as you don't access a collection before the generic Request collection that has a variable with the same name, resulting in the wrong variable being read.