Presentation is loading. Please wait.

Presentation is loading. Please wait.

STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state.

Published byEarl Gilmore Modified over 8 years ago

Similar presentations

Presentation on theme: "STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state."— Presentation transcript:

1 STATE MANAGEMENT

2  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state management, when applied to a Web application, refers to the application's capability to remember the values a user enters across multiple pages, or screens.  Developers use state management techniques to store information between separate page requests. State Management options can be divided into two categories : Client-Side State Management Server-Side State Management

3 Client - Side State Management Client- side ViewstateCookiesQueryString Hidden Fields

4 Server - Side State Management Session State Application State Server Side

5 VIEWSTATE  This is the default method that the page uses to preserve page and control property values between round trips.  View State can be used to store state information for a single user  It stores information submitted through form and works between requests of the same page  The values written in the server control is passed as a variable to an HTML hidden input field _VIEWSTATE.  Each web page and the controls on the page have the EnableViewState property  The view state is implemented with a hidden form field called _VIEWSTATE, which is automatically created in every web page  We can store data in the VIEWSTATE(“Any Name”)

6 ADVANTAGES :  Simple for page level data  Enhanced security features,like it can be encoded and compressed.  No server resources are required  Simple implementation DISADVANTAGES :  Performance Consideration : Makes a page heavy as it consumes more memory  Potential security risks

7  Can be used to store page specific information  Can be used to store small amount of data  A hidden field stores a single variable in its value property and must be explicitly added to the page  Do not store any information in a hidden field that is sensitive or that your application relies on to work properly ADVANTAGES :  No server resources are required  Widespread Support  Simple implementation HIDDEN FIELDS

8 DISADVANTAGES :  Performance Considerations  Potential security risks  Storage Limitations

9  Query strings are usually used to send information from one page to another page. They are passed along with URL in clear text.  Most browsers impose a limit of 255 characters on URL length. We can only pass smaller amounts of data using query strings.  For eg. In fist page you collect information about your client, her name and last name and use this information in your second page  One choice is using QueryString property of Request object ADVANTAGES :  No server resources are required  Simple implementation  Widespread Support QUERYSTRING

10 DISADVANTAGES :  Limited Capacity : Most browsers impose a limit of 255 characters on URL length. We can only pass smaller amounts of data using query strings.  Potential security risks

11 COOKIES  A Cookie is a small piece of data that is saved in the client web browser  The Cookie is saved either in the memory of the web browser or as a text file in the file system of the client  Cookies can be temporary (with specific expiration times and dates) or persistent  Cookies are used to identify a user, to store state information, preferences of the user  Cookies are saved on client machine and when the browser requests a page, it sends the information in the cookie along with the request information  The server can read the cookie and extract its value  Cookies should be used only to store non-sensitive data

12 How does Cookies Mechanism works?  The mechanism of cookies is simple. When a client request a web page from a server the first request isn't containing a cookie  The server identify that the client has no cookie and generate one  Then the server sends the cookie to the client and from now on then client will send the cookie in every request and the server will send the cookie in every response

13 COOKIES LIMITATIONS  Most browsers support cookies of up to 4096 bytes. This limitation makes the cookies a way to store only small amount of data  Total 20 cookies can be used on a single website; if you exceed this browser will delete older cookies.  The user can set the browser to disable cookies and therefore you can’t trust cookies and you always have to check if the browser enables cookies

14 Creating / Writing Cookies There are many ways to create cookies : Way 1 (by using HttpCookies class) : Dim aCookie As New HttpCookie("UserName") aCookie.Value = TxtName.Text aCookie.Expires = DateTime.Now.AddDays(-1) Response.Cookies.Add(aCookie) Way 2 (by using Response directly) : Response.Cookies("UserName”).Value = TxtName.Text Response.Cookies(“UserName”).Expires = DateTime.Now.AddDays(-1)

15 Reading/Getting Cookies To read a cookie value from the client use the Request.Cookies property Eg: (1)If Not Request.Cookies(“UserName”) IsNothing Then Response.Write(Request.Cookies(“UserName”).value) End If (2) If Not Request.Cookies(“UserName”) IsNothing Then Dim aCookie As HttpCookie = Request.Cookies(“UserName”) Response.Write(aCookie.value) End If

16 Set Expire Date  If you do not set the cookie’s expiration, the cookie is created but it is not stored on the user’s hard disk  Instead the cookie is maintained as part of the user’s session information. When the user close the browser, the cookie is discarded  Response.Cookies(“UserName”).Expires = DateTime.Now.AddDays(1) Delete Cookies  In order to delete a saved cookie you need to use the expires property and pass a past expiration date  There is no way to delete a cookie otherwise  Response.Cookies(“UserName”).Expires = DateTime.Now.AddDays(-1)

17 Server - Side State Management

18 SESSIONS  A Session is the time for which a particular user interacts with a web application  Every Client that uses the application will have separate sessions  During a session the unique identity of the user is maintained internally  ASP.NET session state provides a place to store values that will persist across page requests  Values stored in session are stored on the server and will remain in memory until they are explicitly removed or until the session expires

19 What’s the use of sessions?  Sessions helps to preserve data across successive accesses  These can be done on a per user basis, via. the use of session objects  Session objects gives us the power to preserve user preferences and other user information when browsing a web application  When a user visits the site and a session is started, the computer generates a unique ID for that user, which is used to keep track of each user sessions Syntax: Store Value : Session(“KeyName”) = value Eg: Session(“Name”) = “ASP.NET” Fetch Value : Variable_Name = Session(“KeyName”) Eg: Dim nm as String nm = Session(“Name”)

20 Session-State Modes  InProc - (The Default) Session state exists within the process the web is using  StateServer - Session data is sent to the configured stateServer service  SqlServer - Session data is stored in the configured SQL Server database By default the session will be created within the same process that your website runs in(InProc) This is controlled by a setting in the web.config file

21 Commonly used session methods/properties - Method/PropertiesUsage Session.Abandon()removes the session and all items that it contains Session.Clear()removes all items from the session Session.RemoveAll()removes all items from the session Session.Remove(“item_name”)removes the item that was stored under the name “item_name” Session.TimeoutIf a user does not request a page of the asp.net application within certain minutes then the session expires Session.SessionIDGet the session ID read only property of a session for the current session

22 Sessions without Cookies  By default, ASP.NET uses cookies to store session IDs and keep track of users  If the browser doesn't support cookies ASP.NET uses the process known as cookie munging, in which at the end of each link, ASP.NET tracks on an encoded version of the sessionID  When a user clicks a link, ASP.NET grabs that string, decodes it, and passes it to the page the user is requesting.

23 APPLICATION STATE  ASP.NET allows you to save values using Application state, a global storage mechanism that is accessible from all pages in the web application  Application state is stored in the Application key/value dictionary  Application state is a great place to store information that is not user- specific  By storing it in the Application state, all pages can access data from a single location in memory, rather than keeping separate copies of the data  Data stored in the Application object is not permanent and is lost any time the application is restarted

24  ASP.NET provides three events that enable you to initialize Application variables(free resources when the application shut down) and respond to Application errors: 1.Application_Start : raised when the application starts. This is the perfect place to initialize Application variables 2.Application_End : Raised when an application shuts down. Use this to free application resources and perform logging 3.Application_Error : Raised when an unhandled error occurs. Use this to perform error logging

Download ppt "STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state."

Similar presentations

Maintaining State Between the Client and Server Internet Programming Using VBScript and JavaScript 9.

Maintaining State Between the Client and Server Internet Programming Using VBScript and JavaScript 9.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
CIS 451: ASP Sessions and Applications Dr. Ralph D. Westfall January, 2009.

CIS 451: ASP Sessions and Applications Dr. Ralph D. Westfall January, 2009.
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
Client State Management & Application Security  Client State Management  Concept  ASP Examples  Application Security  Database Based Approach 

Client State Management & Application Security  Client State Management  Concept  ASP Examples  Application Security  Database Based Approach 
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Using Session Control in PHP tMyn1 Using Session Control in PHP HTTP is a stateless protocol, which means that the protocol has no built-in way of maintaining.

Using Session Control in PHP tMyn1 Using Session Control in PHP HTTP is a stateless protocol, which means that the protocol has no built-in way of maintaining.
Session Management A290/A590, Fall 2014 09/25/2014.

Session Management A290/A590, Fall /25/2014.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Reading Data in Web Pages tMyn1 Reading Data in Web Pages A very common application of PHP is to have an HTML form gather information from a website's.

Reading Data in Web Pages tMyn1 Reading Data in Web Pages A very common application of PHP is to have an HTML form gather information from a website's.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.

Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.
CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.

CSC 2720 Building Web Applications Cookies, URL-Rewriting, Hidden Fields and Session Management.
IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.

IT533 Lectures Session Management in ASP.NET. Session Tracking 2 Personalization Personalization makes it possible for e-businesses to communicate effectively.
JavaScript, Fourth Edition

JavaScript, Fourth Edition
Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

Advanced Web Forms with Databases Programming Right from the Start with Visual Basic.NET 1/e 13.

Similar presentations

Ads by Google