Session details
SESSION model profile What is session? Simply, the server gives a number to the client. When a WWW server is running, there may be several users to browse the website that is being transported on this server. When each user establishes a connection with this WWW server, he established a session with this server, and the server will automatically assign it for it to identify the only identity of this user. This sessionID is a string that is randomly generated by the WWW server, and we will see its actual look in the experiment below.
This unique sessionID is very practical. When a user submits a form, the browser will automatically attach the user's sessionID in the HTTP header information, (this is the automatic function of the browser, the user will not be perceived), when the server processes this form, return the result Back Users corresponding to SessionID. Imagine if there is no sessionID, when there are two users register at the same time, the server can know which user submits which form is submitted. Of course, there is still a lot of other roles in SessionID, we will mention it later.
In addition to sessionid, there are many other information in each session. However, for the program to write ASP or ASP.NET, most useful or can store their respective information for each user by accessing the built-in session object of ASP / ASP.NET. For example, we want to know about users who visit our website to view a few pages, we may join each page to access each page:
<% IF session ("pageviewed") = "" "" pageviewed ") = 1ELSE session (" PageViewed ") = session (" PageViewed " 1END IF%>
Through the sentence, you can let users know how to browse a few pages:
<% Response.write ("You Have Viewed" & "PageS")%>
Some readers may ask: This seems like the session ("..") from the array. Need me to define? In fact, this session object is an built-in object with a WWW server with an ASP interpretation capability. That is, this object has been defined in the ASP system, you only need to use it. Where sessions ("..") is .. As if the variable name, session ("..") = $$ in $$ is the value of the variable. You only need to write the sentence, you can access it in each page of this user .. Variables in variables.
In fact, ASP built seven objects in total, SESSION, Application, Cookie, Response, Request, Server, etc. There is also a similar object in other server-side scripting languages such as JSP, PHP, etc., just called or use it.
The Defect of the ASP Session is currently using the SESSION's powerful features, but found ASP session has the following flaws during the process of use:
Process dependencies: ASP session status is in the process of IIS, that is, inetinfo.exe. So when the INetInfo.exe process crashes, this information is lost. In addition, the IIS service will cause loss of information. Site status of the SESSION Status: When a user accesses another website from a website, these session information will not be migrated. For example: Sina's WWW server may go more than one, after logging in to each channel browsing, but every channel is on different servers, if you want to share session information in these WWW servers? Cookie's dependence: In fact, the client's session information is stored with cookies. If the client completely disables the cookie function, he cannot enjoy the features provided by Session. Given the above deficiencies of ASP session, Microsoft designers have made corresponding improvements in design and development of ASP.NET Session, fully overcome the above defects, making ASP.NET Session a more powerful feature. Web.config file Introduction Some ASP.NET programmers said: web.config file? I have never heard of it, but I wrote the procedure that I can't do. Yes, you are right, no web.config file programs can run normally. However, if you have a large website, you need to do some integral configurations for the entire website. For example, the page of the entire website is written, the website's secure authentication mode, session information storage mode, etc., you need to use it. Web.config file. Although some options in the web.config file can be configured by IIS, if there is also a corresponding setting in Web.config, it covers the configuration in IIS. Moreover, the greatest convenience of the web.config file is to access the settings in Web.config in the ASP.NET page by calling System.Web namespace.
There are two kinds of web.config, which are server configuration files and web application configuration files, they are named Web.config. In this configuration file, a series of information written in which language written in the current IIS server is saved, the application security authentication mode, and the session information storage method. This information is saved using XML syntax. If you want to edit it, you will use the text editor.
The server profile works on all applications in all sites under the IIS server. In .NET Framework 1.0, the server's web.config file exists: /winnt/microsoft.net/framework/v1.0.3705.
The web application configuration file Web.config is saved in each web application. For example: the root of the current website / INETPUB / WWWROOT, and the current web application is myApplication, the web application root directory should be: / inetpub / wwwroot / myapplication. If your site is there, there is only one web application, the root directory of the application is / inetpub / wwwroot. If you want to add a web application, add a virtual directory with the application starting point in IIS. The files and directories in this directory will be treated as a web application. However, this is not to generate a web.config file for you through the IIS. If you want to create a web application with a web.config file, you need to use Visual Studio.net, create a new web application project.
The web application configuration file Web.config is optional and can be available. If not, each web application uses the server's web.config configuration file. If so, you will override the corresponding values in the server web.config configuration file. In ASP.NET, web.config will automatically achieve immediately after saving, and it is necessary to restart the web application after modification of the configuration file in the ASP.
After the session configuration information in the web.config file opens an application's configuration file Web.config, we will find the following:
This is how to configure how the application stores Session information. The various operations below us are mainly for this paragraph configuration. Let's take a look at the meaning of the content contained in this section. The syntax of the SessionState node is like this:
There must be some attributes
Property Option Description Mode Settings Where is the SESSION information stores off to set to not use the session function inProc to set the session in the process, which is the storage mode in the ASP, which is the default value. Stateserver is set to store the session in a separate status service. SQLServer settings store the session in SQL Server.
Optional properties are:
Property Option Description Cookieles Setting the Session Information Store to where Ture uses the cookieless mode FALSE to use the cookie mode, this is the default value. How many minutes after Timeout settings After the server, the server automatically gives up the session information. The default is 20 minutes StateConnectionstring Settings When the session information is stored in the status service in the status service, for example: "TCPIP = 127.0.0.1: 42424". This property is required when the value of Mode is StateServer is. SqlConnectionstring Sets the connection string when connecting to the SQL Server. For example, "data source = localhost; integrated security = sspi; initial catalog = northwind". This attribute is required when the value of Mode is SQL Server. StateNetworkTimeout Settings When you use the Stateserver mode to store the Session status, after you have been idle, disconnect the TCP / IP connection of the server with the server that stores status information. The default is 10 seconds. In the SESSION Status of the client session state in the ASP.NET, you can find that the Session status should be stored in two places, namely the client and server. The client is only responsible for saving the sessionID of the corresponding website, while other session information is saved on the server. In ASP, the client's sessionID is actually stored in the form of cookie. If the user selects the disable cookie in the browser setting, he can't enjoy the convenience of session, or even can't access some websites. In order to solve the above problems, the session information storage method of the client in ASP.NET is divided into: cookie and cookieless.
ASP.NET, in the default state, on the client or use the cookie to store session information. If we want to store the session information in the client to use the cookieless, the method is as follows:
Find the root directory of the current web application, open the web.config file, find the following paragraph:
CookielesS = "false" in this passage is changed to: cookieless = "true", so that the client's session information will no longer store it with the cookie, but store it through the URL. Close the current IE, open a new IE, re-access the just web application, you will see the following look:
Among them, http: // localhost / mytestapplication / (ulqsek45heu3ic2a5zgdl245) /Default.aspx is marked is the client's session ID. Note that this information is automatically added by IIS without affecting the previously normal connection.
Storage preparation for server-side session status in ASP.NET
In order to experience the experimental phenomenon, you can create a page called sessionState.aspx and add the following code to
body>.Your session contains: "& / Session (" mysession "). Tostring () &" font> "End Sub
Sub Checksession (Sender As Object, Eventargs) IF ("Mysession") IS Nothing) Then span1.innerhtml = "Nothing, session Data Lost!" Else Span1.innerhtml = "Your session Contains: "& / Session (" mysession "). TOSTRING () &" font> "end ifend sub script>
This sessionState.aspx page can be used to test whether session information is lost on the current server.
Store the server session information in the process allows us to return to the Web.config file.
This way is the same as the mode in previous ASP, that is, the server stores the session information in the IIS process. This information will be lost when IIS is closed. But this model has its own biggest advantage, which is the highest performance. It should be stored in the process of IIS for all session information, so IIS can access this information quickly, this mode performance is faster than the process of storage session information outside of the process or in SQL Server. a lot of. This mode is also the default way of ASP.NET.
Ok, let us make a trial. Open the previous sessionState.aspx page, just enter some characters to store it in the session. Then let us get IIS. Note that it is not to stop the current site, but at the node of the machine name of this machine in IIS, click the right mouse button to select Restart IIS. (I want to use NT4 when I first use NT4, restart IIS must restart the computer, and Microsoft is really @ # $% ^ &) Return to the sessionState.aspx page, check the SESSION information that is just now, and found that the information has been lost.
Store server session information first, let's open the management tool -> service, find the service named: ASP.NET State Service, start it. In fact, this service is to launch a process to save session information. Once you start this service, you can see a process called ASPNET_STATE.EXE from the Windows Task Manager -> process, which is the process we hold the session information.
Then, returning to the paragraph in the web.config file, change the value of the Mode to Stareserver. After saving the file, reopen an IE, open the sessionState.aspx page, save some information into the session. At this time, let's restart IIS, then return to the sessionState.aspx page to view the SESSION information just now, and find that it is not lost.
In fact, this way to store the session information outside the process is not only stored in the process of being stored in this unit, and the session information can be stored in the process of other servers. At this time, it is not only necessary to change the value of MODE to StareServer, and the corresponding parameters are required in StateConnectionstring. For example, your calculations are 192.168.0.1, you want to store the session in the process of the IP 192.168.0.2, you need to set it: stateConnectionstring = "TCPIP = 192.168.0.2: 42424". Of course, don't forget to install .NET Framework in the 192.168.0.2 computer, and start the ASP.NET State Services service.
Store server session information first in SQL Server, or let us do some preparations. Start SQL Server and SQL Server Agent Services. Perform a script file called InstallsqlState.sql in SQL Server. This script file will create a database that is used to store session information in SQL Server, and a SQL Server Agent Job Maintaining the Session Information Database. We can find that file in the following path: [System Drive] /Winnt/MICROFT.NET/Framework/ [Version] /
Then open the query analyzer, connect to the SQL Server server, open the file just now and execute. Wait a moment, the database and homework are established. At this time, you can open the Enterprise Manager and see a new database called AspState. But this database is just some stored procedures, no user tables. In fact, the session information is stored in the ASPSTATETEMPSESSIONS table stored in the TEMPDB database, and another ASPSTATETEMPAPPLICATIONS table stores Application object information in the ASP. These two tables are also established by the script just now. Also view the management -> SQL Server Agent -> Job, found that there is also a job called aspState_Job_DeleteExpiredSssions, which actually deletes expired session information in the ASPSTATETEMPSESSIONS table per minute.
Then, we return to the web.config file, modify the value of MODE to SQL Server. Note that the value of SqlConnectionstring is also modified at the same time, the format is:
SqlConnectionstring = "data source = localhost; integrated security = sspi;"
Where Data Source refers to the IP address of the SQL Server server. If SQL Server and IIS are a machine, 127.0.0.1 is OK. Integrated Security = SSPI means using Windows integration authentication, so that the access database will be performed as ASP.NET, and can be better secure than using the userid = sa; password = password SQL Server authentication mode better security Sex. Of course, if SQL Server is running on another computer, you may need to maintain the consistency of both sides through the Active Directory domain.
Similarly, let us do a test. Add session information to sessionState.aspx, then the session information already exists in SQL Server, even if you restart your computer, the SESSION information just not lost. Now, you have already seen the SESSION information in the end, and it is stored in SQL Server, you can do what you play, haha.
Summary Through this article, you can see the management and maintenance of the session, ASP.NET has made great progress than ASP, and we can choose the appropriate method more casual. For enterprise-class applications, this is undoubtedly beneficial to the server's synchronization, the server's stability, and reliability. I believe that under powerful Microsoft support, the new generation of e-commerce platform will be built!