Escolar Documentos
Profissional Documentos
Cultura Documentos
In information processing, a state is the complete set of properties transmitted by an object to an observer. An information system or protocol that relies upon state is said to be stateful. One that does not is said to be stateless. Or:
Stateful: the state is maintained at different times in a process. For example, phone calls are stateful. Stateless: the state cannot be maintained at different times in a process. For example, HTTP is stateless.
HTTP servers treats each request as an independent transaction that is unrelated to any previous or subsequent requests. HTTP itself does not provide mechanisms to maintain state information for each request/response. Application level statement management is needed.
2
Database, File, Session (In-Process Session (SqlServer Mode), Application Mode) Persistent cookie Session cookie. URL parameter (URL rewriting), Hidden Field
3
Client side
If the state management information is stored on the server, the server stores the information, but tracks the client by a unique session id, using a client-side state management technique.
4
Features
Doesn't use server resources. More data is transmitted every time. Usually for simple type data. Limited security.
Basic options
HiddenField: HTML hidden fields store data without displaying that data (still accessible in HTML source code). This data is sent back to the server in HTTP post. ViewState: ViewState is an ASP.Net feature used to track control values between page post-backs. Custom values can be added to view state. Cookies: cookies store information on the client computer. The browser sends them to the server with every page request. Cookies are the best way to store state data that must be available for multiple Web pages on an entire Web site. Query strings (URL parameter): these values are visible and can be changed by users.
5
ViewState
Example
Store a value in the ViewState.
Retrieve a value in ViewState using the parameter name. Note that the value retrieved is a generic Object. Need to cast to appropriate type.
int clicks=Int32.Parse(ViewState["clicks"].ToString()); clicks++; this.Label1.Text = "<h2>Button 1 has been clicked "+clicks+" time(s)</h2>"; ViewState["clicks"] = clicks;
}
7
Cookies
A HTTP Cookie is a small piece of textual information stored by the browser on the client computer. Cookie facts
Cookie is a name-value pair text Cookie is sent with HTTP headers Cookie is stored on the client side, but users can reject or delete cookies. Cookie has restrictions (number, size, duration, domain, path, etc.)
Each cookie can be given an expiry (expiration date/time); it will be deleted by the browser after it expires.
Session cookies are not saved to the local computer disk; it only exists in the memory for the duration of the browser.
Session cookies expire when the browser window is closed Session cookies may be shared by multiple browser windows that share the same session. In this case, all related browser windows need to be closed. Commonly, cookies without expiry set will be treated as session cookies
9
Session Cookie
ASP.Net
Response to set session cookies Subsequent requests: Cookie is sent with HTTP header
Cookies expire at a certain time: persistent cookies has a defined expiration date/time; session cookies expire when the browser is closed.
10
System.Web.HttpCookie is the class that provides functionalities to work with cookies Set a cookie
HttpCookie cookie1 = new HttpCookie("clicks", 1); cookie1.Expires = DateTime.Now.AddDays(7); Response.Cookies.Add(cookie1);
This makes the cookie a persistent cookie for 7 days.
Read a cookie
Delete a cookie
Set the expiry earlier than current time (client time) will instruct the browser to delete the cookie.
recookie1.Expires = DateTime.Now.AddYears(-30);
11
Persistent cookies are often used to save user preferences or convenience information on a private computer
Provide users with the options to save information for convenience on their private computers. For example, https://zimbra.spsu.edu/
Note
Persistent cookies are saved even the computer is shut down, a unique feature that can provide convenience.
URL parameter
Use when you are transferring small amounts of information from one page to another and security is not an issue.
You can use query strings only if you are requesting the same page, or another page via a link.
13
Server Side
State information can also be saved on the server side (in server memory or other processes). Features
Server-side options for storing page information typically have higher security than client-side options they can use more Web server resources, which can lead to scalability issues when the size of the information store is large. More complex data types (such as objects, collections, ADO.Net) can be stored.
Choices
14
Session
Session
A serial of consecutive and related requests and responses between the server and a client, in a certain duration and scope. These requests and responses in the same session share information stored on the server side. The same session can span multiple browser windows or tabs
Session id
Each current active session is identified by a unique ID (session id), which is passed with every HTTP request Session ids can be sent with a session cookie or part of a URL Session id reuse: see http://support.microsoft.com/kb/899918
Session duration
The session duration is set by the server. A session expires when there is no activity for a certain amount of time (idle time). Client computers can also end a session by abandoning the session id
15
Client Browser
1st request
2. Response: session id is set
Session Cookie
ASP.Net
Put data into memory Read data from memory
16
Session data are stored in a System.Web.SessionState.SessionStateItemCollection object which is exposed through the HttpContext.Session property. In an ASP.NET page, the current session variables are exposed through the Session property of the Page object (this.Session). Store data in session
Session variables can be any valid .NET Framework type.
int clicks=1; PostItem pitem = new PostItem(); this.Session["clicks"] = clicks; Session variables are indexed by the name of this.Session["item"] = pitem; the variable or by an integer index. There is no
Session.SessionID
Session.IsNewSession
Session.Mode
The default is InProc, where session state is stored in memory of ASP.NET worker process.
Session.Timeout
Session.Abandon()
Reference
http://msdn.microsoft.com/en-us/library/ah635ck5(v=VS.100).aspx
18
Application
ASP.NET Application state is a global storage mechanism for data that needs to be accessible to all pages and users in a Web application.
Application works in a similar way as Session, only in a bigger scope. Session state is specific to a single user session, while application state is shared by all users and sessions within the same application context (an application is defined by ASP.Net and IIS).
Duration
Data stored in the Application object is not permanent. It is temporarily held in memory on the server. Application state can be lost any time the application is restarted. For example, IIS might restart your ASP.NET application.
Usage
Application state is a great place to store small amounts of often-used data that is not user-specific but is global in nature, for example, a counter of user visits (sessions).
20
Application state is stored in an instance of the HttpApplicationState class that is provided through the Page.Application property. Save information to Application
int clicks=1; PostItem pitem = new PostItem(); this.Application["clicks"] = clicks; this.Application["item"] = pitem;
Application context can store any valid .NET Framework type.
Session
High
Server defined duration: usually 20 minutes to a few hours. Session ends typically because of timeout or browser closure. All pages in the same application, for a single user and computer. Use server resources; minimum network resource. Temporary data between page transition in a highly interactive session: shopping, chatting, user login status, etc.
Cookie
Low
Simple Persistent cookie can stay on client computers much longer, even the computer is shut down. Bigger. Scope can be defined at directory or domain level. Use client resources; use more network resources. User preferences, activity tracking, convenience
Scope
Official recommendations
http://msdn.microsoft.com/en-us/library/z1hkazw7(v=VS.90).aspx22
User authentication
Maintain the authenticated status until logout. Remember users and user information
Background, text size, theme, etc. Remember browser type and settings
Activity tracking
Search/browsing history, visit counter, shopping cart, shopping list, etc. Record user input and choices in a multi-step (page) process, for example, survey, application form, etc.
23
Summary
Key Concepts
State: stateful, stateless Server-side and client-side state management HTTP cookie: persistent cookie, session cookie Session Application
Key skills
Use cookies to store information between requests Use server session or application to store information between requests Understand the differences between state management techniques and be able to choose the appropriate one for various situations. Apply the concepts and basic techniques to some common web applications: user authentication, customization, shopping cart, activity tracking, etc.
24
http://msdn.microsoft.com/en-us/library/75x4ha6s(v=VS.90).aspx
http://msdn.microsoft.com/en-us/library/ms178194(v=VS.90).aspx
http://msdn.microsoft.com/en-us/library/ms178581(v=VS.90).aspx
http://msdn.microsoft.com/en-us/library/z1hkazw7(v=VS.90).aspx
http://www.beansoftware.com/ASP.NET-Tutorials/Understanding-StateManagement.aspx
25