Home

ASP ADVANCED

Using either sessions or cookies is risky because not all browsers support them.  The moment you use a cookie at your Web site, you'll receive complaints from countless individuals with obscure browsers who can't use cookies.

In this section, you learn some methods to retain state without cookies.  In other words, you learn how to retain information about a user from page to page.  Three methods are compared.

Retaining State with Query Strings

Chapter, "Working with More Than One Active Server Page," explains how to work with query strings.  You can add a query string to any hyperlink in your Active Server Pages.  By using query strings, you can pass information from page to page, as in this example:

<HTML>
<HEAD><TITLE> Query State </TITLE></HEAD>
<BODY>
<%
UserName=Server.URLEncode("Bill Gates")
%>
<A HREF="/nextpage.asp?<%=UserName%>">Click Here</A>
</BODY>
</HTML>

This script assigns the name Bill Gates to the variable named UserName.  The value of this variable is passed to the page nextpage.asp in the query string when the user clicks the hyperlink.

You can continue to pass the UserName from page to page by retrieving UserName from the QueryString collection.  For example, the page nextpage.asp might look like this:

<HTML>
<HEAD><TITLE> Next Page </TITLE></HEAD>
<BODY>
<%
UserName=Server.URLEncode(Request.OueryString("Username"))
%>
<A HREF="/nextpage.asp?<%=UserName%>">Click Here</A>
</BODY>
</HTML>

The advantage of this method of retaining state is that it works with all browsers.  Admittedly, however, it's very cumbersome.  If you want to be able to track the user on every page on your Web site, you must include a query string with every hyperlink on your Web site.  Every query string must contain the name of the user.

Another disadvantage of this method of retaining state is that it doesn't allow you to pass large amounts of data.  Remember, query strings can't be too large. When a query string becomes larger than about 1,000 characters, certain browsers either truncate the query string or fail to create a functioning hyperlink at all.

Retaining State with Hidden Form Fields

If you need to pass a large amount of data from page to page without using session variables, you have no choice but to use an HTML form.  You can hide the information you're passing by using a hidden form field, as in this example:

<HTML>
<HEAD><TITLE> Form State </TITLE></HEAD>
<BODY>
<%
UserName="Bill Gates"
%>
<FORM METHOD="Post" Action="/nextpage.asp">
<INPUT NAME="UserName" TYPE="HIDDEN" VALUE="<%=UserName%>">
<INPUT TYPE="SUBMIT" VALUE="Next Page">
</FORM>
</BODY>
</HTML>

This page includes an HTML form.  The form has a hidden field named UserName that contains the value of the UserName variable.  The form also contains one button.  When the button is clicked, the page nextpage.asp is loaded and the data in the hidden form field is passed to the new page.

You can continue to pass data from page to page in this way indefinitely.  On each page, you must use the Form collection of the Request object to retrieve the data in the hidden field.  Next, you must create a new hidden field so the data can be passed to a new page again.  Here's an example:

<HTML>
<HEAD><TITLE> Next Page </TITLE></HEAD>
<BODY>
<%
UserName=Request.Form("Username")
%>
<FORM METHOD="Post" Action="/nextpage.asp">
<INPUT NAME="UserName" TYPE="HIDDEN" VALUE="<%=UserName%>">
<INPUT TYPE="SUBMIT" VALUE="Next Page">
</FORM>
</BODY>
</HTML>

Combining Methods

Neither of these two methods of retaining state is particularly elegant.  However, these are the only alternative methods of retaining state without using session variables and cookies.  By using query strings and hidden form fields, you can preserve compatibility with all browsers.

If you need to track a user through every page on your Web site, you must include either a query string or a hidden form field on every page in your Web site.  As soon as a user clicks a naked hyperlink--a hyperlink without a query string--you can no longer track the user.

You can combine these two methods of retaining state.  For example, on some pages you can use a query string to pass the name of the user, and on other pages you can use a hidden form field.  If you do this, you don't need to check both the QueryString and Form collections on every page.  If you call the Request method without specifying the collection, both collections are automatically checked. Look at this example:

<HTML>
<HEAD><TITLE> Next Page </TITLE></HEAD>
<BODY>
<%
UserName=Request("UserName")
%>
<FORM METHOD="Post" Action="/nextpage.asp">
<INPUT NAME="UserName" TYPE="HIDDEN" VALUE="<%=UserName%>">
<INPUT TYPE="SUBMIT" VALUE="Next Page">
</FORM>
<A HREF="/nextpage.asp?<%=Server.URLEncode(UserName)%>">Click Here</A>
</BODY>
</HTML>

In this example, the variable UserName is assigned the name of the user regardless of whether the name was passed by a hidden form field or a query string.  The call to Request ("UserName") retrieves the value of UserName from either the Form or the QueryString collection.

Summary

In this chapter, you learned how to work with sessions.  You learned how to use the session object to create session variables that can be used to store information over multiple Web pages.  You learned how to create scripts that execute when a session starts and ends.  You also learned about a close relative of sessions--how to create and read cookies.  Finally, some alternative methods for retaining state without cookies were discussed.