Can be used to maintain data between sessions on a website. There are both request and response objects.
A set of biscuits. The request. A Cookie set is a series of cookies generated from the client and HTTP request 1.
Send to the Web server. On the contrary, if you want to send Cookie to the client, you can use R.
Response. cookie
1, expire absolute attribute
You can specify a date for this property after which Cookie can no longer be used. By giving Ex
You can delete Cookie by specifying an expiration date for the pires property. For example:
& lt%Response.cookies("passtime ")。 expire subsolute = " 1/ 1/99 " % >;
2. Domain attributes
This property defines the unique domain for Cookie transmission. For example, Cookie are only sent to Microsoft personnel.
You can use the following code.
& lt% response. Cookies ("domain"). domain = " www . Microsoft . com " % & gt;
The syntax used by 3.ASP to write cookies or send cookies to clients is as follows:
Response. Cookie ("cookie name"). [("key name"). Attribute] = Content.
If an ASP file wants to create a Cookie, the following code can be placed in the first position of the ASP file.
Before an < html >, in order to avoid making mistakes.
& lt% response. cookies(" CookieName ")= " new cookie " % & gt;
& lthtml & gt
......
& lt/html & gt;
4. Similarly, ASP uses the Cookie collection of the request object to read cookies, for example:
& lt%Response.write request. cookie(" CookieName ")% & gt;
Here is a complete example to illustrate Cookie:
& lt%
Size number
Num = request. cookie(" Visit _ num ")
If Num> then 0
Num=Num+ 1
Write "You are the first"&; Digital & "It's time to visit this website."
other
Write "Welcome to this website for the first time."
Num= 1
If ... it will be over.
Response. cookie(" Visit _ Num ")= Num
% & gt
In this example, first read the Cookies variable Visit_num to see if the client computer has it.
Cookies variable. If there is this variable, it means that the user has visited the page, and input and output access at the same time.
If the user visits this page for the first time, there will be no Cookies variable in his computer, and the program will
Display the word "welcome", and then save the Cookies variable Visit_num to the user's computer so that it can be used.
The next time the user visits this page, the information of "Number of Visits" will be given.
5.Cookie dictionary
Sometimes you may need to define many Cookies variables in one page. In order to manage it better,
The concept of a person's "subkey" is often introduced into Cookies. The syntax for quoting it is as follows:
Request. Cookies ("change name") ("subitem name")
Create a Dictionary named "dictionary" as the following Cookie, in which three key values are saved:
& lt%
Response. Cookie("info")("Myname")="jeff "
Response. Cookie("info")("Gender")= "male"
Response. cookie(" info ")(" my height ")= " 172 "
% & gt
In fact, the Cookie dictionary on the client exists as a string:
Jeff & Gender = Male. My height = 172
If the user directly refers to the Cookies variable without specifying the "subitem" name, it will return a containing.
Strings of all subitem names and values. For example, the above example contains three "subitems": "Mynam
E ","gender "and" my height ",when the user does not specify its" subkey ",directly through Request.Co.
Okies("info ") to reference, you will get the following string:
Jeff & Gender = Male. My height = 172
If you want to read all the data in the Cookie, you can use the following code to get it:
& lt% is used for each cookie in the request. biscuit
If it wasn't for cookies. So HasKeys
Write cookie & amp" = "& request. Cookies (cookies)
other
For each key in the request. Cookies (cookies)
Write cookies & "("& keys and keys. ”)”& amp" = " & amp
Request. Cookies (cookies) (keys)
then
If ... it will be over.
then
% & gt
2。 Session actually refers to the time from the visitor's arrival at a specific homepage to his departure. each
Visitors will get a session separately. In a Web application, when a user accesses the application,
Users can use the variable * * * of Session type to enjoy the data in all pages of the Web application; such as
If another user also accesses the Web application at the same time, he also has his own session variables, but there are two users.
You can't share information through the Session variable * * *, but the change of application type can realize the site.
Multiple users enjoy the information in all pages.
1, SessionID attribute
This property returns the unique symbol of the current session and assigns a different number to each session.
I once encountered the problem of controlling users during the development process. What it wants to achieve is that for a certain
A module of a website, when a member is reading this module after logging in, another person uses the same member.
Login, can't browse this module. In other words, a member name can only be viewed by one person at a time.
. I implemented the control by using member names (assuming UserID, unique) and SessionID. Become a member
When logging in, give this member a session record, for example: Session("Status")="Logged.
",and write a conversation at the same time. Copy the SessionID of this member to the database. When he wants to browse this module, first of all,
Judge whether to log in, and if so, judge whether its SessionID is the same as that recorded in the database.
If it is different, it cannot be accessed. In this way, when another user logs in with the same member name, the database
The new SessionID is recorded in, and the former cannot pass the check when accessing this module. This is realized.
A member name can only be viewed by one person at a time. This function is very special in some paid websites.
Function, which prevents the problem that a member name is browsed by many people and protects the interests of the company.
2. Timeout attribute
This attribute is used to define the time limit of the user session object. If the user does not brush his teeth within the specified time,
New web page, session object will be terminated. The default value is usually 20 minutes.
Step 3 give up the method
This method is the only method of the session object, which can clear the session object to eliminate the user's
Session object and release the resources it occupies. For example:
4.Session_OnStart and Session_OnEnd events
Like Application, the Session_OnStart event is triggered every time an object's routine is started.
, and then run the processing of the Session_Onstart event. That is, when the server receives the application.
This event is triggered when an HTTP request is made to a URL in a program and a session object is created. Again, this
Events must also be set in the Global.asa file.
When the meeting started. This will trigger if the method is abandoned or there is no refresh within the timeout.
Session_OnEnd event, and then execute the script inside. Session variables are associated with a specific user,
The session variables assigned to one user are completely independent of those of other users, which is not the case.
There will be interaction.
Session application column:
Like an application, an array defined as a session type can only treat the entire array as.
Object, users cannot directly change the values of elements in the session array. Create a session
On array, you need to define an ordinary array, assign initial values to each element, and finally define it.
Is a session array. For example:
& lt%
Dim array ()
Array=array ("Jeff", "Zhu", "Male")
Session ("info ")= array
Response.write session ("info") (0)&; "-"
Response.write session ("info") (1); "-"
Response.write session ("info")(2) and" & ltbr >;
% & gt
& lthr & gt
& lt%
array(0)="jun "
array( 1)="li "
Array(2)= "female"
Session ("info ")= array
Response.write session ("info") (0)&; "-"
Response.write session ("info") (1); "-"
Response.write session ("info")(2) and" & ltbr >;
% & gt
The output of the above program is:
Jeff Zhu-male
_____________
Junlinv
How does a session work?
Session actually uses Cookies for information processing (see the introduction of cookies later).
When a user makes a request for the first time, the server creates a Cookie on the user's browser. When this
When the session ends, it actually means that this Cookie has expired.
The name of the Cookie created for this user is ASPSESSIONID. The sole purpose of this Cookie is to
Each user provides different authentication.
Note: If you are curious about a COOKIE named ASPSESSIONID, you can use ServerVariab.
Les collects COOKIE headers to receive this information, as shown in the following script:
& lt% = Request. server variables(" HTTP COOKIE ")% & gt;
You can refresh it several times, and the display results will remain unchanged. If you want one,
For more information, see chapter 14.
The session variable itself does not exist in the user's browser. However, this cookie ASPSESSIONID needs
Use session variables. The server uses ASPSESSIONID.
Cookie are used to associate specific users with specific session information. No cookies, serve.
R doesn't know the information that every specific user moves in the website.
Use SessionID variable to store ASPSESSIONID.
Cookies are very different from assigning values directly to cookies named ASPSESSIONID. Microsoft uses a complex
Various mathematical algorithms encrypt SessionID to prevent hackers from guessing the value of SessionID.
And according to this, you can get the identity or authority you don't deserve.
Note: SessionID can be blocked in two ways, one is to block the whole station, and the other is
Filter a single active server page accordingly.
If you want to block the session operation of the whole site, you can use Internet service.
Manager. In the Application Settings dialog box, click Active Server.
Page table and deselect the Enable Session State option.
You can also block a specific Active Server Page by adding a statement to its first line.
Work.
& lt% EnableSessionState = False % & gt
Because the Session object uses Cookies, its compatibility is limited, and it is often browsed.
Browsers are obviously not enough, and new browsers such as NetScape4.0 also provide the option to block Cookie.
This is a problem. Because Cookie can't be applied to all browsers, you must pay attention when building a website.
I see. If your website is aimed at the general public, you must consider different user situations. But now
There are indeed alternative methods now, and some methods to replace Cookies for identity authentication will come later.