The ASP Session object manages, stores, tracks, and edits info from individual user sessions. A new session is made for each user who already does not have a session and whose browser supports cookies. A session ends when it expires or is abandoned.

Basic Usage

Here are the usual methods of passing values to the user's session variables:

Session("strX") = "two"
Session("intX") = 2

Set Session("objX") = Server.CreateObject("ComponentX.ClassX")
Session("objX").SomeMethod

When a new page uses a session variable that is an array, then it is good practice to pass the session variable array to a variable array first because the session variable array is actually a collection. EG: 

Dim intArrayX
ReDim intArrayX(2)
intArrayX(0) = "first"
intArrayX(1) = "second"
Session("intArray") = intArrayX

'On another ASP page:
intArrayY = Session("intArray")
intArrayY(0) = "alpha"
intArrayY(1) = "beta"
Session("intArray") = intArrayY

Often you have to check if a session variable exists at all:

'In VBScript
If IsEmpty(Session("X")) Then
    'Empty is not initialized or explicitly Empty.
End If

//In Javascript:
if(!Session("X")){
    //Works if Session("X") is undefined or empty string.
}

//In C#:
if(Session["X"]==""){
	//Do something
}

The ASP Session object has two collections:

Here is how all the session variables in the Contents collection might be displayed. A similar algorithm can be made for the StaticObjects collection.

Response.Write "<p>List of " & Session.Contents.Count & " items in " & "Session.Contents collection<br />"
Dim SessItem
For Each SessItem in Session.Contents
    If IsObject(Session.Contents(SessItem)) Then
        Response.Write(SessItem & " : Session object cannot be displayed." & "<br />")
    Else
        If IsArray(Session.Contents(SessItem)) Then
            Response.write "Array named " & Session.Content(SessItem) & "<ol>"
            For Each objArray in Session.Contents(SessItem)
                Response.write "<li>" & _
                Session.Contents(SessItem)(objArray)& "<br />"
            Next
            Response.write "</ol>"
        Else
            Response.write(SessItem & " : " & Session.Contents(SessItem) & "<br />")
        End If
    End If
Next

Each particular user session has its own Session.SessionID.

Each particular user session expires:

Session.Timeout = 3
'In minutes. The default is 10 minutes.

Session.Abandon
'Clear and release session variables before going to next page.

ASP does session variables through cookies on the user's browser. Here are typical cookies:

__utma=79814661.1169705674.1260992521.1260992521.1261153360.2; __utmz=79814661.1260992521.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=.net%20session%20variables; __utmc=79814661; ASPSESSIONIDQCBRSQSS=KLECFBFAGBNLJALNMBPGOEAJ; ASPSESSIONIDSABSRRST=ELBNDNBBMHCJJNEPAIHAFDKB; lq_avoid=0; __utmb=79814661.1.10.1261153360

ASP sessions can be ignored for a page by sticking in the appropriate ASP processing directive at the top of the page:

<%@ LANGUAGE="VBScript" ENABLESESSIONSSTATE=False %>

Collections

Contents

Has all the session variables created without using the <object> tag.

Session.Contents(key) = value

For Each Key in Session.Contents
    ...
Next
For Key = 1 To Session.Contents.Count
    ...
Next

StaticObjects

Has all the session variables created using the <object> tag.

Session.StaticObjects(key) = value
For Each Key in Session.StaticObjects
    ...
Next
For Key = 1 To Session.StaticObjects.Count
    ...
Next

Properties

CodePage

The codepage indicating which character set will be used to display the variables. Note that the ASP directive of @CODEPAGE indicates the codepage of the authored script whereas the Session.CodePage changes the user input and output. The most common value for codepage is 1252. 

Session.CodePage = CodePage

LCID

The Locale Identifier is a 32 bit value that signifies the nuances of how numbers, currency, dates, and time are displayed. ASP will use the default locale of the Web Server if LCID is not set. Note that the ASP directive of @LCID indicates the locale of the authored script whereas the Session.LCID changes the user input and output. A common locale identifier is the British 2057.

Session.LCID = LocaleIdentifier

SessionID

The ID of the current user session.

Timeout

If a user does not request or refresh a page in the time given then, the page expires. The default value is 10 minutes.

Session.Timeout = minutes

Methods

Abandon()

Abandons the current session, destroying any objects and releasing any resources. The session variables are not actually released until the page is processed.

Contents.Remove(key)

Remove a specific variable from the Session.Contents collection.

Contents.RemoveAll()

Removes all variables from the Session.Contents collection.

Events

Session_OnEnd

Occurs when a new users session starts. The event script is in the Global.asa file.

Of the ASP built-in objects, only the Application and Server objects are available to the Session_OnEnd event script.

Session_OnStart

All the ASP built-in objects are available to the Session_OnStart event script. This is a great place to initialize session scope variables. The event script is in the Global.asa file.

This is event script is especially good for ensuring that new user sessions start on particular web pages. EG:

<script runat="Server" language="VBScript">
Sub Session_OnStart
    strStartPage = "/AppX/StartSessionHere.asp"
    strCurrentPage = Request.ServerVariables("SCRIPT_NAME")
    If StrComp(strCurrentPage, strStartPage, 1) Then
        Response.Redirect(strStartPage)
    End If
End Sub
</script>

Page Modified: (Hand noted: 2007-05-14 19:49:34Z) (Auto noted: 2010-03-11 20:36:24Z)