INFO: ASP Requires Session State to Maintain Static Cookies
ID: Q184574
Active Server Pages (ASP) uses HTTP cookies to maintain session state. Under certain conditions the value of these session cookies will change. This article describes conditions under which session cookies are generated, and how to ensure that static cookies are created.
The Active Server Pages developer needs to understand how cookies work in
order to maximize performance and minimize unexpected results such as
losing session state. Each request made to ASP will trigger the creation of
a new SessionID cookie unless a Session variable is created in the
requested page or there is a Session_OnStart event handler in the
Global.asa file. By the same token, ASP will create unique SessionID
cookies when .asp files are used as the source for frames in a FRAMESET.
These multiple SessionID cookies may affect performance. If a session is
triggered by storing a scalar or object value to a session variable, but
the user moves out of or to another ASP application, then returns, the
original session object will be lost. This unintended result, too, can be
controlled by an informed Active Server Pages design strategy.
ASP will send a different ASPSessionID cookie (scoped to the application,
which is the virtual directory for the requested .asp file) for each and
every .asp file that is requested until Session state is triggered. Session
state is triggered once something is stored in a Session variable (a scalar
variable or an object instance), or once the Session_OnStart event is fired
in the application's Global.asa file. From then on, the SessionID is fixed
for that user until the Session times out or is abandoned.
The reason for this is that, by default, buffering is off for an ASP
page. This means that HTTP headers (that contain cookies) need to be
generated before any content (typically HTML) is sent out by the processing
of the .asp file. Another way of saying this is, an ASPSessionID cookie is
placed in the HTTP headers just in case there is going to be Session state
defined in the processing of the forthcoming .asp file.
If no Session state is defined, then the next .asp file request has the
same potential to start the Session by placing something in Session state
(this will make a new ASPSessionID since no Session has been started prior
to this request). If Session state is used, then the ASPSessionID remains
constant for the rest of the session.
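The following check is an added example, not part of the original article or any Microsoft code. It scans a captured sequence of requests and responses and reports every point where the server replaced a session cookie that the client had just presented for the same application path, which is the symptom described above when Session state has not been triggered. The capture data and function names are constructed for illustration; the cookie name is assumed to start with ASPSESSIONID.

```python
import re

# Matches the ASP session cookie in either a Cookie or a Set-Cookie header.
SESSION_RE = re.compile(r"(ASPSESSIONID\w*)=([^;\s]+)", re.IGNORECASE)
PATH_RE = re.compile(r";\s*path=([^;]+)", re.IGNORECASE)

# Constructed captures: (request path, Cookie header sent, Set-Cookie returned).
# None means the header was absent. All values are invented.
CAPTURE_UNPINNED = [  # no Session variable stored, no Session_OnStart handler
    ("/app/a.asp", None, "ASPSESSIONID=AAAA1111; path=/app"),
    ("/app/b.asp", "ASPSESSIONID=AAAA1111", "ASPSESSIONID=BBBB2222; path=/app"),
    ("/app/c.asp", "ASPSESSIONID=BBBB2222", "ASPSESSIONID=CCCC3333; path=/app"),
]
CAPTURE_PINNED = [  # Session state triggered on the first request
    ("/app/a.asp", None, "ASPSESSIONID=AAAA1111; path=/app"),
    ("/app/b.asp", "ASPSESSIONID=AAAA1111", None),
    # A second application has its own cookie scope; this is not churn.
    ("/other/x.asp", None, "ASPSESSIONID=ZZZZ9999; path=/other"),
    ("/app/c.asp", "ASPSESSIONID=AAAA1111", None),
]

def parse_set_cookie(header):
    """Return (value, path) of the session cookie in a Set-Cookie header, or None."""
    match = SESSION_RE.search(header or "")
    if not match:
        return None
    path = PATH_RE.search(header)
    return match.group(2), (path.group(1).strip() if path else "/")

def find_churn(exchanges):
    """List (request_path, old_value, new_value) for each reissued session cookie."""
    current = {}  # application path -> last session cookie value issued
    churn = []
    for request_path, sent, set_cookie in exchanges:
        issued = parse_set_cookie(set_cookie)
        if issued is None:
            continue  # server kept the existing cookie
        value, scope = issued
        sent_values = {m.group(2) for m in SESSION_RE.finditer(sent or "")}
        old = current.get(scope)
        # Churn: the client presented the current cookie and still got a new one.
        if old is not None and old in sent_values and value != old:
            churn.append((request_path, old, value))
        current[scope] = value
    return churn

if __name__ == "__main__":
    for name, capture in (("unpinned", CAPTURE_UNPINNED), ("pinned", CAPTURE_PINNED)):
        print(name, find_churn(capture))
```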
NOTE 1: If the .asp page turns the Buffering property of the Response
object on (that is, Response.Buffer=TRUE), then ASPSessionID cookies are
not sent out with each .asp file request until Session state is used. This
is because the HTTP headers can be changed even after content has been
produced. So the precaution described in the preceding two paragraphs,
creating the ASPSessionID before the .asp file is processed, is unnecessary
when buffering is on.
NOTE 2: If you do not plan to use Session state for any application, then
you may use the Registry to turn it off for all applications. Documentation
on this registry entry can be found at
http://localhost/IASDocs/ASPDocs/roadmap.asp.
NOTE 3: You can stub out the Session_OnStart event in the Global.asa file;
that is, no code is necessary between the beginning and end of that
subroutine.
NOTE 4: Under ASP 1.0b, additional difficulties can occur if full
permissions are not given to the Global.asa file. If individual .asp files
need finer access control lists, then store them in subdirectories beneath
the directory that contains the Global.asa file.
NOTE 5: ASP Hotfix 1.21.11 permits ACL restrictions on the Global.asa file.
Contact Microsoft Technical Support if you feel installing this hotfix is
necessary.
For additional information, please see the following article(s) in the
Microsoft Knowledge Base:
Q163010 HOWTO: Disabling Cookies Sent by Active Server Pages
Q178037 PRB: Session Variables Lost When ASP Is Located In Frameset
Keywords : kbASP kbASPObj kbInternet kbJScript kbGrpASP
Version : winnt:
Platform : winnt
Issue type : kbinfo
Last Reviewed: May 27, 1999