UNIT IV -ASP & Session Tracking

ASP – Working of ASP – Objects – File System Objects – ADO – Access a Database from ASP
– Server side Active-X Components – HTTP GET and POST requests – session tracking –
cookies.
Exercise: Programs using DOM and SAX parsers.
--------------------------------------------------------------------------------------------------------------------
ASP
 ASP stands for Active Server Pages
 ASP is a Microsoft Technology
 ASP is a program that runs inside a web server
 An ASP file has the file extension ".asp"
 An ASP file is just the same as an HTML file
 An ASP file can contain server scripts in addition to HTML
 Server scripts in an ASP file are executed on the server
 ASP and ASP.NET are server side technologies.
 Both technologies enable computer code to be executed by an Internet server.
 When a browser requests an ASP or ASP.NET file, the ASP engine reads the file,
executes any code in the file, and returns the result to the browser.
<!DOCTYPE html>
<html>
<body>
<%
response.write("My first ASP script!")
%>
</body>
</html>
ASP can
 Edit, change, add content, or customize any web page
 Respond to user queries or data submitted from HTML forms
 Access databases or other server data and return results to a browser
 Provide web security since ASP code cannot be viewed in a browser
 Offer simplicity and speed
Working of ASP
 When a browser requests a normal HTML file, the server just returns the file.
 When a browser requests an ASP file, the server passes the request to the ASP engine
which reads the ASP file and executes the server scripts in the file.
 Finally the ASP file is returned to the browser as plain HTML.
The default scripting language in ASP is VBScript.
A scripting language is a lightweight programming language.
 VBScript is a light version of Microsoft's Visual Basic.
 ASP files can be ordinary HTML files. In addition, ASP files can also contain server
scripts.
 Scripts surrounded by <% and %> are executed on the server.
 The Response.Write() method is used by ASP to write output to HTML.
The following example writes "Hello World" into HTML:
Example
<!DOCTYPE html>
<html>
<body>
<%
Response.Write("Hello World!")
%>
</body>
</html>
To set JavaScript as the scripting language for a web page you must insert a language
specification at the top of the page:
Example
<%@ language="javascript"%>
<!DOCTYPE html>
<html>
<body>
<%
Response.Write("Hello World!")
%>
</body>
</html>

Objects- File System Objects

The FileSystemObject object is used to access the file system on a server.
This object can manipulate files, folders, and directory paths. It is also possible to retrieve file
system information with this object.
The following code creates a text file (c:\test.txt) and then writes some text to the file:
<%
dim fs,fname
set fs=Server.CreateObject("Scripting.FileSystemObject")
set fname=fs.CreateTextFile("c:\test.txt",true)
fname.WriteLine("Hello World!")
fname.Close
set fname=nothing
set fs=nothing
%>

ADO – Access a Database from ASP

 ADO stands for ActiveX Data Objects
 ADO is a Microsoft technology
 ADO is automatically installed with Microsoft IIS
 ADO is a Microsoft Active-X component
 ADO is a programming interface to access data in a database

To access a database from inside an ASP page,the common way is to:

1. Create an ADO connection to a database
 2. Open the database connection
3. Create an ADO recordset
4. Open the recordset
5. Extract the data you need from the recordset
6. Close the recordset
7. Close the connection

Before a database can be accessed from a web page, a database connection has to be established
If you have a database called "northwind.mdb" located in a web directory like "c:/webdata/", you
can connect to the database with the following ASP code:
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/webdata/northwind.mdb"
%>

The ADO Connection object is used to create an open connection to a data source. Through this
connection, you can access and manipulate a database.

Now we have to create an ADO Recordset.

Suppose we have a database named "Northwind", we can get access to the "Customers" table
inside the database with the following lines:
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/webdata/northwind.mdb"

set rs=Server.CreateObject("ADODB.recordset")
rs.Open "Customers", conn
%>

We can also get access to the data in the "Customers" table using SQL:
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/webdata/northwind.mdb"

set rs=Server.CreateObject("ADODB.recordset")
rs.Open "Select * from Customers", conn
%>

After a recordset is opened, we can extract data from recordset.

Suppose we have a database named "Northwind", we can get access to the "Customers" table
inside the database with the following lines:
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/webdata/northwind.mdb"

set rs=Server.CreateObject("ADODB.recordset")
rs.Open "Select * from Customers", conn

for each x in rs.fields

response.write(x.name)
response.write(" = ")
response.write(x.value)
next
%>

Display the Field Names and Field Values

We have a database named "Northwind" and we want to display the data from the "Customers"
table (remember to save the file with an .asp extension):
<html>
<body>

<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Provider="Microsoft.Jet.OLEDB.4.0"
conn.Open "c:/webdata/northwind.mdb"

set rs = Server.CreateObject("ADODB.recordset")
rs.Open "SELECT * FROM Customers", conn

do until rs.EOF
for each x in rs.Fields
Response.Write(x.name)
Response.Write(" = ")
Response.Write(x.value & "<br>")
next
Response.Write("<br>")
rs.MoveNext
loop

rs.close
conn.close
%>

</body>
</html>

Server side Active-X Components

 A server-side software module constructed as an ActiveX component that is stored on a
Windows client/server system or a Windows website. On a website, ActiveX Server Components
can be called from Active Server Pages.
ActiveX controls are another variation of components that can be used in Windows
programming environments. They are sometimes called OCX controls, after their file
extension. They have are visual and can be used in applications with a user interface and are
licensed to be used in distributed applications. They can be used in Microsoft Internet Explorer,
running with Javascript.
csXImage is an image editing control that has support for interfacing with TWAIN scanners.
csXGraph is a control for plotting and displaying simple bar charts, pie charts and line graphs.

HTTP GET and POST requests

The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients
and servers.
HTTP works as a request-response protocol between a client and server.
Example: A client (browser) sends an HTTP request to the server; then the server returns a
response to the client. The response contains status information about the request and may also
contain the requested content.
The GET Method
GET is used to request data from a specified resource.
Note that the query string (name/value pairs) is sent in the URL of a GET request:
/test/demo_form.php?name1=value1&name2=value2
Some notes on GET requests:
 GET requests can be cached
 GET requests remain in the browser history
 GET requests can be bookmarked
 GET requests should never be used when dealing with sensitive data
 GET requests have length restrictions
 GET requests are only used to request data (not modify)

The POST Method

POST is used to send data to a server to create/update a resource.
The data sent to the server with POST is stored in the request body of the HTTP request:
POST /test/demo_form.php HTTP/1.1
Host: w3schools.com

name1=value1&name2=value2
Some notes on POST requests:
 POST requests are never cached
 POST requests do not remain in the browser history
 POST requests cannot be bookmarked
 POST requests have no restrictions on data length

Compare GET vs. POST

The following table compares the two HTTP methods: GET and POST.
 GET POST

BACK Harmless Data will be re-submitted (the

button/Reload browser should alert the user that
the data are about to be re-
submitted)

Bookmarked Can be bookmarked Cannot be bookmarked

Cached Can be cached Not cached

Encoding type application/x-www-form-urlencoded application/x-www-form-

urlencoded or multipart/form-data.
Use multipart encoding for binary
data

History Parameters remain in browser history Parameters are not saved in

browser history

Restrictions on Yes, when sending data, the GET No restrictions

data length method adds the data to the URL; and
the length of a URL is limited
(maximum URL length is 2048
characters)

Restrictions on Only ASCII characters allowed No restrictions. Binary data is also

data type allowed

Security GET is less secure compared to POST POST is a little safer than GET
because data sent is part of the URL because the parameters are not
stored in browser history or in web
Never use GET when sending server logs
passwords or other sensitive
information!

Visibility Data is visible to everyone in the URL Data is not displayed in the URL
Session Tracking
A session starts when:
 A new user requests an ASP file, and the Global.asa file includes a Session_OnStart
procedure
 A value is stored in a Session variable
 A user requests an ASP file, and the Global.asa file uses the <object> tag to instantiate an
object with session scope
 A session ends if a user has not requested or refreshed a page in the application for a
specified period. By default, this is 20 minutes.
  If you want to set a timeout interval that is shorter or longer than the default, use
the Timeout property.
The example below sets a timeout interval of 5 minutes:
<%
Session.Timeout=5
%>

Cookies
A cookie is often used to identify a user. A cookie is a small file that the server embeds
on the user's computer. Each time the same computer requests a page with a browser, it will send
the cookie too. With ASP, you can both create and retrieve cookie values.

The "Response.Cookies" command is used to create cookies.

In the example below, we will create a cookie named "firstname" and assign the value "Alex" to
it:
<%
Response.Cookies("firstname")="Alex"
%>

The "Request.Cookies" command is used to retrieve a cookie value.

In the example below, we retrieve the value of the cookie named "firstname" and display it on a
page:
<%
fname=Request.Cookies("firstname")
response.write("Firstname=" & fname)
%>
Output: Firstname=Alex