State Management Techniques Presentation Transcript
1. State Management Techniques
2. HTTP Protocol and the Need for State Management Techniques
Hypertext Transfer Protocol (HTTP) is a communication protocol used by the World Wide Web (WWW).
It is a request/response style protocol. Clients (browsers, spiders, etc.) send requests to a server (web server) and the server responds to these requests.
HTTP uses the TCP protocol for communication. The client connects to a specific port on the server (the default is 80) and communicates via that port. Once the response has been received completely, the client program is disconnected from the server.
3. For each request, client programs have to acquire a connection with the server and go through the whole request cycle again.
ASP.NET files are just text files which are placed on the server and served upon request. When a request comes in for a page, the server locates the requested file and asks the ASP.NET engine to serve the request.
The ASP.NET engine processes the server tags, generates HTML for them and returns it to the client. HTTP is a stateless protocol, and the server abandons the connection once the request is served.
4. Cookies
Cache
ViewState
QueryString
Session state
Application state
5. State Management Techniques
6. QueryString
This is the simplest and most efficient way of maintaining information across requests.
The information you want to maintain is sent along with the URL.
A typical URL with a query string looks like
www.somewebsite.com/search.aspx?query=foo
7. QueryString
The part of the URL which comes after the ? symbol is called a QueryString.
A QueryString has two parts, a key and a value. In the above example, query is the key and foo is its value. You can send multiple values through the query string, separated by the & symbol. The following code shows sending multiple values to the foo.aspx page.
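The transcript does not carry the original code, so the following is an added example, not the presenter's: it sends two values to foo.aspx with proper URL encoding and shows the receiving side validating them, since anything in a query string can be edited by the visitor. The keys `id` and `name`, the length limit and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;
using System.Web;

static class QueryStringDemo
{
    // Sender side: build foo.aspx?id=...&name=... with every value URL-encoded.
    static string BuildUrl(int id, string name)
    {
        NameValueCollection qs = HttpUtility.ParseQueryString(string.Empty);
        qs["id"] = id.ToString(CultureInfo.InvariantCulture);
        qs["name"] = name;   // '&', '=' and spaces in the value are encoded by ToString()
        return "foo.aspx?" + qs.ToString();
    }

    // Receiver side: the query string is client-controlled, so validate before use.
    static bool TryRead(string query, out int id, out string name)
    {
        name = null;
        NameValueCollection qs = HttpUtility.ParseQueryString(query);

        // Digits only. A repeated key (id=1&id=2) comes back as "1,2" and fails the parse.
        if (!int.TryParse(qs["id"], NumberStyles.None, CultureInfo.InvariantCulture, out id) || id < 1)
            return false;

        string rawName = qs["name"];
        if (string.IsNullOrEmpty(rawName) || rawName.Length > 50)   // hypothetical limit
            return false;

        name = rawName;
        return true;
    }

    static void Main()
    {
        string url = BuildUrl(42, "tom & jerry=x");   // constructed sample values
        Console.WriteLine(url);

        int id;
        string name;
        string query = url.Substring(url.IndexOf('?') + 1);
        Console.WriteLine(TryRead(query, out id, out name) ? id + " / " + name : "rejected");

        // Constructed tampered requests: non-numeric id, then a repeated id.
        Console.WriteLine(TryRead("id=abc&name=x", out id, out name) ? "accepted" : "rejected");
        Console.WriteLine(TryRead("id=1&id=2&name=x", out id, out name) ? "accepted" : "rejected");
    }
}
```

In a page, the same checks apply to `Request.QueryString`, and a value that is echoed back into HTML should go through `HttpUtility.HtmlEncode` first.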
8. Cookies
A cookie is a small file which is stored on the visitor's hard disk drive. This is helpful for storing small and trivial information. According to the RFC, a cookie can have a maximum size of 4KB.
The web server creates a cookie, attaches an additional HTTP header to the response, and sends it to the browser. The browser then creates this cookie on the visitor's computer and includes it in all further requests made to the same domain.
Servers can read the cookie value from the request and retain the state.
9. The server adds the following to the HTTP header for creating a cookie:
Set-Cookie: key=value
10. Session State
A cookie is very simple and is not suitable for sophisticated storage requirements. Session state is a workaround for this problem, and it gives a method to keep more complex objects securely.
ASP.NET allows programmers to keep any type of object in session. Data stored in session is kept in server memory, and it is protected because it is never transmitted to the client.
Every client that uses the application has a separate session. Session state is ideal for storing user-specific information.
11. State Management Techniques
12. Values stored in sessions can be removed by several methods. The following table shows different methods used.
13. How Session Works?
ASP.NET maintains a unique id, called the "session id", for each session. This id is generated using a custom algorithm and it is always unique.
The session id is sent to the client as a cookie, and the browser resends it with each request.
ASP.NET uses this session id to identify the session object.
The following code shows how to get the session id
14. NOTE:
If you haven't stored anything in the session, ASP.NET will generate a different session id for each request. Once a session has contents, the session id will not change.
The session id is the only information about sessions which is sent to the client. As said before, ASP.NET sends the session id in a cookie named ASP.NET_SessionId.
But this will not work if cookies are disabled by the visitor. In such cases, ASP.NET passes the session id through the URL.
This behaviour can be controlled by adding the following section to the web.config file under the system.web section.
15. Session Timeout
Each session has a timeout value (default 20 minutes). If the page does not get any requests within the specified timeout limit, ASP.NET assumes that the user has left the application, immediately terminates the session and fires the End event.
This helps the server to clean up unused sessions and gives room for new requests.
The timeout value can be changed from the web.config file or through code.
The timeout value is specified in minutes.
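The web.config section referred to in the note and the timeout slide is missing from the transcript. The fragment below is an added example, not the presenter's: it pins the session id to the cookie and sets the timeout explicitly. The values chosen are assumptions to adapt per application.

```xml
<configuration>
  <system.web>
    <!-- cookieless="UseCookies": the session id travels only in the
         ASP.NET_SessionId cookie. "UseUri" and "AutoDetect" allow the id to be
         placed in the URL, where it ends up in browser history, server logs
         and shared links.
         timeout is in minutes; 20 is the default. -->
    <sessionState mode="InProc" cookieless="UseCookies" timeout="20" />

    <!-- httpOnlyCookies keeps cookies out of reach of client-side script;
         requireSSL marks them Secure so they are sent over HTTPS only. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```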
16. Where Session is Stored?
ASP.NET keeps the profile data in a SQL Server database. If no databases are available in the project, it creates a database file in the app_data directory when it is used for the first time. Profiles are implemented using the provider pattern.
17. SqlProfileProvider is the default profile provider.
Profiles use Windows authentication by default.
The Profile object can be used with any authentication mode supported by ASP.NET.
Profile is very handy in many situations. However, it has the following drawbacks:
It can keep only serializable types.
Reading data from profile requires database access, which can potentially make your application less performant. If your website uses profiles heavily,
18. You have to cache the results to avoid unnecessary database calls.
This is a high-level overview of profile. There are many other features Profile offers, such as groups, anonymous access, etc.
19. ViewState
Data kept in ViewState is serialized using LosFormatter, a lesser-known class used for serialization.
LosFormatter is helpful for serializing simple types, and it produces an ASCII string representation of the object graph.
The following code shows using LosFormatter.
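The LosFormatter code is missing from the transcript, so the following is an added example, not the presenter's: it serializes a value with LosFormatter and shows that the ASCII output is only Base64, so the original value can be read back by anyone who can see the page source. The sample value is constructed; the program needs a reference to System.Web.dll (.NET Framework).

```csharp
using System;
using System.IO;
using System.Text;
using System.Web.UI;   // LosFormatter

static class LosFormatterDemo
{
    // Serialize a value the way ViewState does; the result is a Base64 string.
    static string Serialize(object value)
    {
        var formatter = new LosFormatter();
        using (var writer = new StringWriter())
        {
            formatter.Serialize(writer, value);
            return writer.ToString();
        }
    }

    // Base64-decode the serialized form and look for the value in the raw bytes.
    static bool RevealsPlaintext(string encoded, string secret)
    {
        byte[] raw = Convert.FromBase64String(encoded);
        return Encoding.UTF8.GetString(raw).Contains(secret);
    }

    static void Main()
    {
        const string secret = "discount-code-CONSTRUCTED";   // constructed sample value
        string encoded = Serialize(secret);

        Console.WriteLine("Serialized form: " + encoded);
        Console.WriteLine("Visible as-is: " + encoded.Contains(secret));
        Console.WriteLine("Visible after Base64 decode: " + RevealsPlaintext(encoded, secret));

        // Round trip on our own output only; Deserialize is not for untrusted input.
        object back = new LosFormatter().Deserialize(encoded);
        Console.WriteLine("Round trip equal: " + secret.Equals(back));
    }
}
```

The encoding hides the value from a casual glance but not from a decode, which is why data that must stay private belongs in session state on the server rather than in ViewState.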
20. Conclusion
This article tackled the state management techniques used in ASP.NET. You have learned what the HTTP protocol is and why state management is needed. We discussed the stateless architecture of the HTTP protocol and how a website works.
In the second section, we discussed QueryString and how it helps to maintain information across different pages. We also discussed hackable URLs and some best practices for using it.
21. The third section discussed the usage of cookies. We have seen the pros and cons of cookies. We also discussed multi-valued cookies, which help to overcome the limit on the number of cookies a website can set. Security constraints and a practical example have also been discussed.
The next section discussed "Session state", which provides more sophisticated storage. We have seen how session works, session modes and best practices for using it. We have also discussed session timeout and cookie-less sessions.
22. "Application state" is discussed in the next section, along with the events which are associated with session state and application state. We have seen a practical example where application state is very handy. Then we discussed storing the state in static (shared in VB) variables. We have seen the lifetime of static variables and how locking is used
Finally, we discussed viewstate hacking techniques and proved that secured information should not be kept in viewstate. We discussed the serialization class LosFormatter and how it works.