Web Application Development Advice & How To
Active Server Pages Development Advice & How To

Shining Star Services LLC
Shining Star Services
ASP.net Articles
HTML Tutorial
Auto-select an Element from a Menu or Scrolling List & Save Keystrokes!
ASP Driven DHTML Slider Menus REVISITED One Year Later! Part II
ASP Driven DHTML Slider Menus
ASP Driven HTML Outlines
Reusing Code with ASP Include Files and Subroutines
Hacker Query Check
.htr IIS Security Issue
Databases, Cookies
Functions to Open a Database Connection and Record Set
Setting Up and Using OraSession to Manage Your Oracle Database Objects
Storing Non-Durable Data for Cookie-less Sessions
Smart Popups
Javascript: Validate Numeric Fields
Javascript Confirm Form Submission
Javascript Dynamic Text Area Counter
Javascript: Check All and Uncheck All Check Boxes
Javascript Field Validations -- Client Side Scripting
Tree Select Demo
Adobe Extension Manager
Scandisk & Defrag Pointers
Standards & Style
Setting Up Your Own ASP Development Templates
Creating a Project Template for Estimations of Time, Tasks, and Resources
To Host or Not To Host
ASP Naming Conventions
HTML Naming Conventions & Visual Interdev HTML Generation
Working with and in spite of the Visual Interdev Design Mode
Commenting Your ASP Source Code
Reader Letters

Articles Home

Shining Star Services

Storing Non-Durable Data for Cookie-less Sessions
By Nannette Thacker - 08/20/1999

(This article assumes the reader is familiar with ASP development including record sets, query strings, and session variables.)

I have developed several Intranets and Extranets which require password entry membership validation. Throughout the duration of a user's visit, I may need to know several things about the user in order to continue to grant him/her access to other pages.

ASP has built-in Session objects which keep track of this quite nicely. However, the use of these objects depend on requiring the user to have cookies turned on in his/her browser. What happens if a client requires you to create a cookieless ASP application? How can you track the user's session from page to page? I'll show you how with a couple of simple include files.

First you'll need to decide what values you need to track from page to page. In this example, I have chosen to track only seven values.

When the user initially logs into your site, s/he is using a Form. The Form submission process passes the values entered to the "action=" page. Assume we have an HTML form field called "Alias" for keeping track of the user login name. You can retrieve the value entered into the Alias field by using Request.form("Alias"). However, how do you continue to pass the Alias value from page to page without a form on each page? This is where my include files and query strings come in handy.

Once the user has logged in with the alias and password, you use the Request.form("Alias") and Request.form("Password") field values to look up the record in your database table. If the search is successful, you then populate local variables from the database record set object like so:

   SessionID = rs("alias") 
   SessionType = rs("type")
   SessionLookup = SessionID
   SessionSplit = rs("splitscreen")   
   SessionCtr = rs("counter")
   SessionPost = ""
   SessionSQL = ""
You then want to create the query string which will be added to the command line URL's throughout the rest of your site. To easily do this for each page, create an include file which does this for you:

   <!--#include file="../include/sendvars.asp" -->
The include file contents are:

sendvars = _
   "?ID=" & SessionID & _
   "&TYPE=" & SessionType & _
   "&POST=" & SessionPost & _
   "&SPLIT=" & SessionSplit & _
   "&CTR=" & SessionCtr & _
   "&LOOK=" & SessionLookup & _
   "&CMD=" & Replace(SessionSQL," ", "%20")
Another include file you'll need to create will actually retrieve the values from the query string via a Request and populate the local variables with the Request values. It is important to use local variables in case you need to change these values on a given page.

<!--#include file="../include/getvars.asp" -->
Again, the contents of the getvars.asp include file stores the request variables into local variables and calls the sendvars.asp file in order to create the query string:

SessionID = Request("ID") 
SessionType = Request("TYPE")
SessionPost = Request("POST")

if Request("SPLIT") <> "" then
   SessionSplit = Int(Request("SPLIT"))
   SessionSplit = 0 
end if

if Request("CTR") <> "" then
   SessionCtr = Int(Request("CTR"))
   SessionCtr = 0 
end if
SessionLookup = Request("LOOK")
SessionSQL = Replace(Request("CMD"),"%20", " ") 
<!--#include file="../include/sendvars.asp" -->
In effect, this is what you are doing:
  • Storing the local variable
  • Passing it to the next URL in the query string
  • Retrieving it from the query string
  • Manipulating it as needed
  • Passing it to the next URL in the query string
  • and so on...

For each link contained on your site, you need to add the query string, as shown below.

<a href="/jw/menu/mainmenu.asp<%=sendvars%>">Main Menu</a><br>
At the top of each and every page on your site, you will need to include this file:

<!--#include file="../include/getvars.asp" -->
Since getvars.asp already includes the sendvar.asp file, you do not need to repopulate the query string UNLESS you make alterations to any of the data in those values.

For instance, on one of my pages, I had two links which required different query strings. In order to alter the query strings, I changed the needed variable, and again called the include file to repopulate the "sendvars" query string value. As an example, in the below code, I want to call the same asp page, but I want to pass an "R" if the user is posting a resume, and a "J" if the user intends to post a job. After I change the SessionPost value, I again populate the query string via the sendvars.asp file, and then create my hyperlink tag.

<%SessionPost = "R" %>
<!--#include file="../include/sendvars.asp" -->
      <a href="/jw/post/post_add.asp<%=sendvars%>">
      Post a New Resume</a><br>

<%SessionPost = "J" %>
<!--#include file="../include/sendvars.asp" -->
      <a href="/jw/post/post_add.asp<%=sendvars%>">
      Post a New Job</a><br>
You can make this entirely functional by creating ASP functions within the two include files, then call the appropriate function instead of calling the include file each time you wish to update the query string stored in the sendvars.asp file.

This method does not allow for security however, because the user could tamper with the data being passed and override the values you populated from the table. You could make this more secure by passing the alias and password on each page. One drawback is that this would display the user's password for any bypassers to see. Also, you would then have to look up the alias and password in the database each time you allowed the user to view or save secure information -- a method which would cost in performance.

IE 4.0 and IE 5.0 have some cool new features, beyond the scope of this article, for tracking sessions, however these are browser dependent and I don't think the general public is ready for a complete IE 5.0 driven web site this year.

So in conclusion, I'll stick to using Session variables to control my nondurable state and databases to store my durable state.


ShiningStar.net | ShiningStarSingles.com | Christian911.com