The ASP Session object manages, stores, tracks, and edits info from individual user sessions. A new session is made for each user who already does not have a session and whose browser supports cookies. A session ends when it expires or is abandoned.

Basic Usage

Here are the usual methods of passing values to the user's session variables:

Session("strX") = "two"
Session("intX") = 2
Set Session("objX") = Server.CreateObject("ComponentX.ClassX")

When a new page uses a session variable that is an array, then it is good practice to pass the session variable array to a variable array first because the session variable array is actually a collection. EG: 

Dim intArrayX
ReDim intArrayX(2)
intArrayX(0) = "first"
intArrayX(1) = "second"
Session("intArray") = intArrayX
'On another ASP page:
intArrayY = Session("intArray")
intArrayY(0) = "alpha"
intArrayY(1) = "beta"
Session("intArray") = intArrayY

Often you have to check if a session variable exists at all:

'In VBScript
If IsEmpty(Session("X")) Then
    'Empty is not initialized or explicitly Empty.
End If
//In Javascript:
    //Works if Session("X") is undefined or empty string.
//In C#:
    //Do something

The ASP Session object has two collections:

  • Session.Contents collection has all the session variables created without using the <object> tag.
  • Session.StaticObjects collections has all the session variables created using the <object> tag.

Here is how all the session variables in the Contents collection might be displayed. A similar algorithm can be made for the StaticObjects collection.

Response.Write "<p>List of " & Session.Contents.Count & " items in " & "Session.Contents collection<br />"
Dim SessItem
For Each SessItem in Session.Contents
    If IsObject(Session.Contents(SessItem)) Then
        Response.Write(SessItem & " : Session object cannot be displayed." & "<br />")
        If IsArray(Session.Contents(SessItem)) Then
            Response.write "Array named " & Session.Content(SessItem) & "<ol>"
            For Each objArray in Session.Contents(SessItem)
                Response.write "<li>" & _
                Session.Contents(SessItem)(objArray)& "<br />"
            Response.write "</ol>"
            Response.write(SessItem & " : " & Session.Contents(SessItem) & "<br />")
        End If
    End If

Each particular user session has its own Session.SessionID.

Each particular user session expires:

Session.Timeout = 3
'In minutes. The default is 10 minutes.
'Clear and release session variables before going to next page.

ASP does session variables through cookies on the user's browser. Here are typical cookies:

__utma=79814661.1169705674.1260992521.1260992521.1261153360.2; __utmz=79814661.1260992521.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|; __utmc=79814661; ASPSESSIONIDQCBRSQSS=KLECFBFAGBNLJALNMBPGOEAJ; ASPSESSIONIDSABSRRST=ELBNDNBBMHCJJNEPAIHAFDKB; lq_avoid=0; __utmb=79814661.1.10.1261153360

ASP sessions can be ignored for a page by sticking in the appropriate ASP processing directive at the top of the page:




Has all the session variables created without using the <object> tag.

Session.Contents(key) = value
For Each Key in Session.Contents
For Key = 1 To Session.Contents.Count


Has all the session variables created using the <object> tag.

Session.StaticObjects(key) = value
For Each Key in Session.StaticObjects
For Key = 1 To Session.StaticObjects.Count



The codepage indicating which character set will be used to display the variables. Note that the ASP directive of @CODEPAGE indicates the codepage of the authored script whereas the Session.CodePage changes the user input and output. The most common value for codepage is 1252.

Session.CodePage = CodePage


The Locale Identifier is a 32 bit value that signifies the nuances of how numbers, currency, dates, and time are displayed. ASP will use the default locale of the Web Server if LCID is not set. Note that the ASP directive of @LCID indicates the locale of the authored script whereas the Session.LCID changes the user input and output. A common locale identifier is the British 2057.

Session.LCID = LocaleIdentifier


The ID of the current user session.


If a user does not request or refresh a page in the time given then, the page expires. The default value is 10 minutes.

Session.Timeout = minutes



Abandons the current session, destroying any objects and releasing any resources. The session variables are not actually released until the page is processed.


Remove a specific variable from the Session.Contents collection.


Removes all variables from the Session.Contents collection.



Occurs when a new users session starts. The event script is in the Global.asa file.

Of the ASP built-in objects, only the Application and Server objects are available to the Session_OnEnd event script.


All the ASP built-in objects are available to the Session_OnStart event script. This is a great place to initialize session scope variables. The event script is in the Global.asa file.

This is event script is especially good for ensuring that new user sessions start on particular web pages. EG:

<script runat="Server" language="VBScript">
Sub Session_OnStart
    strStartPage = "/AppX/StartSessionHere.asp"
    strCurrentPage = Request.ServerVariables("SCRIPT_NAME")
    If StrComp(strCurrentPage, strStartPage, 1) Then
    End If
End Sub

GeorgeHernandez.comSome rights reserved