Application and Session Objects in ASP


The application object applies to the life of the application, ie. whilst IIS is up and running. A session object exists for the life of each user session. The global.asa file is used to store variables and can be invoked as a result of application and session events. Application object stored variables are available to all users globally throughout the web site and session level stored variables are available on a session basis. Note that a page hit counter which counts all hits on a web site would have to be stored outside of the application in a disk file since whenever IIS is shut down the application is shutdown and thus IIS shut down will clear any application level variables stored in the application object.

The Application Object

The example below allows access to a variable called Title for all users.

<% Application("Title") = "Welcome to this Web Site" %>

Application level variables stored in the global.asa file can be protected from change by users by locking the variables as shown below.

<%
Application.Lock
Application("Title") = "Welcome to this Web Site"
Application.Unlock
%>

The application object has two events, a start and an end event. These events are triggered on startup and shutdown of the IIS virtual directory, ie. the web site.

The Session Object

Whilst a user is visiting the web site the user has a session in the web server. When the user first hits the web site the session object is created. The session object can be used to store information used by the user during that current session and also accessible in future sessions. Persitence for session objects can be performed byu utilising cookies. A session variable is stored as shown below.

<%
Session("Name") = "Joe"
Session("EmailAddress") = "joe@soap.com"
%>

The session object has four properties, one method and two events.

Session objects are stored for each client on first visiting a web site. ASP will persistently store the details of those sessions into a session cookie on the client machine. It is also possible to avoid creation of these session level cookies and thus the client will not have persistent information storage between web site visits as shown below.

<% EnabledSessionState = FALSE %>

Busy web sites should have session level cookies disabled. The Internet Service Manager software can also be used to override session level persistent storage.

The global.asa File

The global.asa can be used to store procedures and functions which operate on application and session level objects, such as the application and session object start and ending events. Note that all script items contained in the global.asa file must be enclosed within SCRIPT tags and not <% and %> tags.

<SCRIPT LANGUAGE=VBScript RUNAT=Server>
	Sub Session_OnStart
		'session start
	End Sub

	Sub Session_OnEnd
		'session end
	End Sub

	Sub Application_OnStart
		'application start
	End Sub

	Sub Application_OnEnd
		'application end
	End Sub
</SCRIPT>

A good example of use of the global.asa file is the tracking of page hits. Note that there is not much point in tracking hits of all web site pages unless each page is tracked specifically and individual counts are accumulated for each page. Also the IIS log can be used to accomodate individual page hits. The most useful method of page hit-tracking is the tracking of the total number of users to a web site over time. This hit count summation should be performed only on the main web site entry page. Note that if IIS is ever shut dhow then all application level variables are reinitialised, thus all web site hits are lost. The only method of countering this is storage of page hits into a disk file on your web server. Since ASP is generated on the web server to produce HTML on the client machine there is no danger of allowing clients write access to your web server. The linked pages show examples of how to track the total hits to a web site persistently regardless of web site IIS shut down.

The Persistent Hit Counter Example