当前位置: 首页 > 图文教程 > 网络编程 > ASP > javascript asp教程第十二课---session对象

ASP
生成像资源管理器一样的树形目录
将连接数据库的代码隐藏在DLL中
ASP中从数据库读取二进制文件数据代码
asp查询xml的代码,实现了无刷新、模糊查询功能
一个asp函数, 解决SQL Injection漏洞
在ASP中利用COM组件开发Web应用程序
关于如何利用COM+,来提高ASP执行权限的问题!
升级MD5.ASP,打造完全动态不重复的安全加密代码
ASP安全检测与过滤函数SafeCheck
在ASP中,用JScript脚本实现分页的另类办法
查看服务器Application/Session变量工具
自己写的一个简单ASP调用存储过程查询
ASP登陆验证页应做的安全问题
使用ASP与javascript配合实现多个复选框数据关联显示
Windows 2003下不注册组件用ASP发邮件
数据分页方法新思路,速度非常快!
ASP程序中同一个用户不允许同时登陆两次
分栏显示记录集的表格演示,并实现了分页
关于Adodb.Stream的写数据库数据到客户端文件的实践
将ASP的Debug变得简单的两个函数

ASP 中的 javascript asp教程第十二课---session对象


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-13   浏览: 252 ::
收藏到网摘: n/a

Overview:

The Session Object is how you track a single user across many pages. It has four (4) properties, two (2) collections, one (1) method, and two (2) events.

Get Started:

In this series of examples we will create a password system. We will use the Session Object to track whether or not a user is authorized to view certain pages. Below are several scripts for lesson12. Look at them, play with, and then read the explanations that come further down the page.

<%@LANGUAGE="JavaScript"%>
<%
//No ASP Here, just a regular HTML Page
%>
<HTML>
To play along with our password page, put in a user name and a password.<BR>
<BR>The correct user name is <I>guest</I>.<BR>
And the correct password is also <I>guest</I>.<BR>
<FORM METHOD="post" ACTION="script12a.asp">
User:<INPUT TYPE="text" SIZE="9" NAME="userName" VALUE="guest"><BR>
Pass:<INPUT TYPE="password" SIZE="9" NAME="userPassword" VALUE="guest">
<BR>
<INPUT TYPE="submit" value="Login">
</FORM>
</HTML>

Click Here to run script12.asp in a new window. Below is script12a.asp.

<%@LANGUAGE="JavaScript"%>
<%
var userName=new String(Request.Form("userName"))
var userPassword=new String(Request.Form("userPassword"))
if (userName=="guest" && userPassword=="guest")	{	Session("Authorized")=true	Response.Redirect("script12b.asp")	}
else	{	Session("Authorized")=false
%>
<HTML>
You did not supply the correct Name & Password.<BR>
<A HREF="script12.asp">Click here</A> to log in.
</HTML>
<%	} //end else statement
%>

We'll skip over script12b.asp entirely because it's almost exactly the same as script12c.asp. Down below is script12c.asp.

<%@LANGUAGE="JavaScript"%>
<%
if (Session("Authorized")!=true)	{
%>
<HTML>
You are not an authorized user.<BR>
<A HREF="script12.asp">Click here</A> to log in.
</HTML>
<%	}
else	{
%>
<HTML>
The <B>second</B> of two pages that are password protected.<BR>
<A HREF="script12d.asp">Click Here</A> to log out.
</HTML>
<%	} //end of else statement
%>

Above is script12c.asp, which is the second of two password-protected pages. Below is script12.asp, which is the logout page.

<%@LANGUAGE="JavaScript"%>
<%
if (Session("Authorized")!=true)	{
%>
<HTML>
You are not an authorized user.<BR>
<A HREF="script12.asp">Click here</A> to log in.
</HTML>
<%	}
else	{	var SessionID=Session.SessionID	Session.Abandon()
%>
<HTML>
You have sucessfully logged out.<BR>
This was session <%=SessionID%>.<BR><BR>
Now try a link to one of the
pages you've already visited.<BR><BR>
<A HREF="script12b.asp">script12b.asp</A><BR>
<A HREF="script12c.asp">script12c.asp</A><BR>
<A HREF="script12d.asp">script12d.asp</A><BR>
</HTML>
<%	} //end of else statement
%>

A Quick Explanation:

After all that, the last thing you want to see is another grey box full of code. Sorry to do it one more time but, the keystone to this system is in script12a.asp. I've reprinted it down below.

if (userName=="guest" && userPassword=="guest")	{	Session("Authorized")=true	Response.Redirect("script12b.asp")	}

Any page can now be turned into a password protected page with the following line: if (Session("Authorized")!=true). Session Variables are part of the Session Collections. Let's talk about them.

Session Collections:

The two Session Collections are Session.Contents and Session.StaticObjects. They parallel the Application.Contents and Application.StaticObjects.

Using Session.Contents("someVariable")="someValue" we can set Session Variables. These variables allow us to carry values from one page to the next. Since Contents is the default collection we can use a little shortcut. It goes like this: Session("someVariable")="someValue".

The shortcut is what you saw in the scripts above.

Session.Contents has two methods of its own. They are Session.Contents.Remove("variableName") and Session.Contents.RemoveAll().

We did not demonstrate StaticObjects in the scripts above. It comes in the form of the <OBJECT> flag (set for Session scope).

No Sharing:

Remember how Application variables could be shared by all viewers on your ASP web site? That's not so with Session Variables. They are private; Session Variables are to be accessed only by one user.

Session.Abandon( ):

My bet is you could figure out Session.Abandon() without any explanation. However, let me just state for the record that Session.Abandon() ends the user's session and releases the Session Variables from memory.

Session Properties:

Let's briefly discuss two properties you are not likely to use. Session.CodePage lets you call for foreign character sets, like Chinese or Russian. Session.LCID is a location identifier. It determines the time zone and language for the server. Don't mess with it.

Now let's move on to something you might actually use from time to time. Session.SessionID is a read-only property generated by the server, and assigned to one specific user during one specific session. The SessionID follows the user from the beginning of the session until the end.

Session.Timeout is the number of minutes that a user can be idle before the Server ends the user's individual session and reclaims the memory that was allocated to Session Variables. (Session.Timeout is demonstrated in the global.asa in lesson 10.)

Session Events:

The two Session events are Session_OnStart() and Session_OnEnd(). These events are accessed in the global.asa. You can see an example of global.asa in lesson 10.