The ASP Session Object
By Stephen Bucaro
The period during which a visitor is at your website is called a "session". When
a visitor retrieves their first page from your website, ASP creates a session object.
A session object is associated with each user (each web browser) while they are
interacting with your website.
Variables can be declared at the session level. Below is an example of how to
declare a session level variable.
Session("variable_name") = "Some text"
A variable declared at the session level is visible to, and can be accessed by
any webpage visited during a session. You can use the session object to store
information related a specific visitor. You can store information like the user's
login status, website personalization parameters, or shopping cart contents in a
session level variable.
If the visitor does not interact with your website again within a certain period,
the session is considered closed and the session object is destroyed. That time
period is the session timeout set in IIS using the Internet Service Manager (ISM).
The session object provides an event that is triggered when the session starts and
when the session ends. ASP provides access to these events through a special file
named "global.asa". The contents of the global.asa file is shown below.
<script language=VBScript runat=server>
The session object relies on browser cookies. ASP creates a session cookie the
first time a user accesses your website. If the user disables cookies in their browser,
you cannot track their session with the session object.
still track the user through query strings or through form elements.
Only the SessionID is stored in the cookie, and it's encrypted. Any other
session level variables that you define are stored on the server.
You can enable and disable the session object on a page by page basis. The statement
below disables the creation of the SessionID cookie for the page containig the statement.
< @ enablesessionstate = false %>
You can also disable the session object in ISM. If Session State is disabled
in ISM, you can't re-enable it for a particular page.
You might disable session tracking if you don't use it. This will cause your webpages
to load faster and increase trust with your visitors. However, be sure to consider the
impact on your server log of disabling session tracking.