You are on page 1of 12



ROLL NUMBER: 7114233724
S!"# S!$ %C &
Active Server Pages (ASP) was Microsoft's first server-side script engine for
dynamicay-generated we! pages" It is aso #nown as Cassic ASP or ASP Cassic "It
$as now !een repaced !y ASP"%&T" It is a server side tec$noogy t$at ena!es 's to
ma#e dynamic and interactive we! pages t$at are not affected !y t$e type of !rowser
t$e we! site visitor is 'sing"
T$e ASP Session o!(ect stores information needed for a partic'ar 'ser's session on t$e
we! server" It is a'tomaticay created every time w$en an ASP page from t$e we! site
or we! appication is re)'ested !y a 'ser w$o does not aready $ave a session* and it
remains avaia!e 'nti t$e session e+pires"
T$e ASP Server o!(ect provides access to met$ods and properties on t$e server" Most
of its met$ods and properties serve as 'tiity f'nctions"
ASP stands for Active Server Pages" It is a server side tec$noogy t$at ena!es yo' to
ma#e dynamic and interactive we! pages t$at are not affected !y t$e type of !rowser
t$e we! site visitor is 'sing"
Act'ay* ASP pages are scripts t$at are r'n* or e+ec'ted* on t$e we! server" T$e script
is interpreted from top to !ottom to create ,TM- pages t$at are sent to t$e !rowser for
ASP is 's'ay r'n on Microsoft we! server* Internet Information Server (IIS)" It is t$is
we! server t$at ASP pages 's'ay r'n !est on" IIS or its micro version Persona .e!
Server (P.S) comes free wit$ .indows.
ASP C'"()*+,+-+*.
To r'n IIS yo' m'st $ave .indows %T /"0 or ater
To r'n P.S yo' m'st $ave .indows 12 or ater
C$iiASP is a tec$noogy t$at r'ns ASP wit$o't .indows OS
InstantASP is anot$er tec$noogy t$at r'ns ASP wit$o't .indows
W/)* +0 )1 ASP F+-!?
An ASP fie is ('st t$e same as an ,TM- fie
An ASP fie can contain te+t* ,TM-* 3M-* and scripts
Scripts in an ASP fie are e+ec'ted on t$e server
An ASP fie $as t$e fie e+tension 4"asp4
H'2 D'!0 ASP D+33!4 34'" HTML?
.$en a !rowser re)'ests an ,TM- fie* t$e server ret'rns t$e fie
.$en a !rowser re)'ests an ASP fie* IIS passes t$e re)'est to t$e ASP engine"
T$e ASP engine reads t$e ASP fie* ine !y ine* and e+ec'tes t$e scripts in t$e
fie" 5inay* t$e ASP fie is ret'rned to t$e !rowser as pain ,TM-
W/)* $)1 ASP 5' 3'4 60?
6ynamicay edit* c$ange* or add any content of a .e! page
7espond to 'ser )'eries or data s'!mitted from ,TM- forms
Access any data or data!ases and ret'rn t$e res'ts to a !rowser
C'stomi8e a .e! page to ma#e it more 'sef' for individ'a 'sers
T$e advantages of 'sing ASP instead of C9I and Per* are t$ose of simpicity and
Provide sec'rity - since ASP code cannot !e viewed from t$e !rowser
Cever ASP programming can minimi8e t$e networ# traffic
H'2 *' +10*)-- ASP '1 '64 '21 $'"(6*!4?
If we are r'nning .indows 3P Professiona on yo'r comp'ter* we can insta Microsoft's
we! server* Internet Information Server 2": (IIS) for free from t$e .indows 3P Pro
instaation C6 and config're it to r'n on system !y foowing t$e instr'ctions !eow:
:" Pace t$e .indows 3P Professiona C6-7om into yo'r C6-7om 6rive"
;" 5rom o'r Start <'tton* go to Settings* and Contro Pane
=" Open Add>7emove .indows Components fo'nd in Add>7emove Programs in t$e
Contro Pane"
/" In t$e .indows Component .i8ard c$ec# Internet Information Services* cic#
ne+t and foow t$e on-screen instr'ctions"
2" Ma#e s're t$at yo'r .e! server is r'nning" Its stat's can !e c$ec#ed !y going
into t$e Contro Pane* t$en Administrative Toos* and do'!e-cic# t$e IIS
Manager icon
?" Test t$at IIS is wor#ing" Type into t$e address !ar of yo'r we! !rowser
$ttp:>>oca$ost>" @o' s$o'd see t$e IIS doc'mentation* if it's wor#ing correcty"
<'t we cannot r'n ASP on .indows 3P ,ome &dition"
ASP Session Obe!"
.$en we are wor#ing wit$ an appication on o'r comp'ter* we open it* do some
c$anges and t$en yo' cose it" T$is is m'c$ i#e a Session" T$e comp'ter #nows w$o
we are" It #nows w$en we open t$e appication and w$en we cose it" ,owever* on t$e
internet t$ere is one pro!em: t$e we! server does not #now w$o yo' are and w$at yo'
do* !eca'se t$e ,TTP address doesn't maintain state"
ASP soves t$is pro!em !y creating a 'ni)'e coo#ie for eac$ 'ser" T$e coo#ie is sent
to t$e 'ser's comp'ter and it contains information t$at identifies t$e 'ser" T$is interface
is caed t$e Session o!(ect"
T$e Session o!(ect stores information a!o't* or c$ange settings for a 'ser session"
S!00+'1 ID : Session I6 is t$e 'ni)'e in# !etween !rowser and t$e server" Once t$e
session is created a session I6 is generated w$ic$ is a 'ni)'e n'm!er and it is #ept at
'ser end ( cient !rowser ) 'sing coo#ies" Server #eeps a t$e varia!es corresponding
to t$is session I6 at server side" &ac$ time !rowser moves to different pages it s'!mit
session I6 to server and server after matc$ing ret'rns a t$e session varia!es
associated wit$ t$is session I6" T$is session I6 is aso 'sed in many cases to identify
and #eep trac# of 'ser activity" 5or e+ampe in a s$opping cart script we can #eep a t$e
p'rc$ases done !y t$e visitor in a temporary ta!e wit$ a 'ni)'e fied storing t$e
session I6" <ased on t$is session I6 w$at are t$e p'rc$ases and t$e tota )'antity*
pac#ets etc can !e cac'ated at t$e c$ec#o't time" Session I6 is t$e !est way to
maintain 'ni)'e in# wit$ t$e server as many ot$er visitors wi !e 'sing t$e same site
and doing p'rc$asing at t$e same time"
W/!1 2! 0/'6-5 1'* 60! S!00+'1: Sessions are 'sed to store 'ser specific
information so it s$o'd not !e 'sed to store go!a information" 5or e+ampe t$ere is an
anno'ncement for a t$e mem!ers t$at site mem!er area wi not !e avaia!e d'ring a
partic'ar period d'e to sc$ed'e maintenance" T$is message is for a so we s$o'd not
'se session to store t$is message" In anot$er case we are 'sing a mem!ers$ip system
w$ere 'ser ogin id is to !e avaia!e inside ot$er pages* $ere detais are 'ser specific
so t$ey are to !e stored 'sing session
L')5 '1 S!47!4: A session varia!es are stored at server end" So eac$ session of t$e
visitor adds oad to t$e server reso'rces as server $as to maintain t$e session
varia!es" Say for e+ampe we are 'sing ten varia!es for eac$ session of t$e visitor"
%ow at a moment if one t$o'sand visitors ogs in to t$e server t$en tota session
varia!es wi !e :0 + :000" Imagine if t$e site !ecame more pop'ar and wit$ growing
visitor oad on server aso wi go 'p" So ony 'ser specific re)'irements are to !e #ept
in session and specia care is to !e ta#en 'p for $ig$ traffic sites"
S!$64+*.: T$is is t$e !iggest advantage of 'sing session" As t$e data reside at server
side so it remains sec're irrespective of 'ser !rowser environment" Some cases i#e
'ser a't$entication res'ts* passwords etc are #ept in sessions ony as 'sers are
e+pected to 'se different comp'ters at different ocations so t$ey can't !e eft at cient
side" A'ery string data gets easiy e+posed !y c$ec#ing t$e $istory of t$e !rowser"
A"'61* '3 D)*): <etter not to oad t$e server wit$ more session data as it drains t$e
server reso'rces" T$is is important partic'ary for $ig$ traffic sites" %ow temporary
ta!es are avaia!e in data!ases w$ic$ are fast and maintain overa sma si8e for
Variables: Baria!es stored in a Session o!(ect $od information a!o't one singe 'ser*
and are avaia!e to a pages in one appication" Common information stored in session
varia!es are name* id* and preferences" T$e server creates a new Session o!(ect for
eac$ new 'ser* and destroys t$e Session o!(ect w$en t$e session e+pires"
S!00+'1 T+"! O6* '4 564)*+'1 '3 )$*+7! 0!00+'1 +1 ASP: As t$e session varia!es are
stored at server side we can't #eep t$em for ever" T$en $ow ong we can #eep t$e
session varia!es at o'r server end C It depends on $ow fre)'enty or $ow ong t$e 'ser
is interacting wit$ t$e server" If t$e interacting period is going on t$en server $as to #eep
t$e session varia!es active !'t if t$e 'ser is not active t$en it wi remove t$e session
varia!es"T$e d'ration wit$in w$ic$ t$e visitor m'st interact wit$ server to #eep t$e
session ive is ;0 min'tes !y defa't" <'t t$is d'ration can !e c$anged at script end !y
t$is command"
Session"Timeo't D :0
T$e a!ove ine wi fi+ t$e interva for :0 min'te and wit$in t$is time t$e visitor $as to
interact wit$ t$e server to #eep t$e session ive" So inside o'r script we can manage t$e
session time as per o'r re)'irement"
T/! S!00+'1 ',8!$*90 $'--!$*+'10# (4'(!4*+!0# "!*/'50# )15 !7!1*0 )4! 5!0$4+,!5
Collection Description
Contents Contains a t$e items appended to t$e session t$ro'g$ a
script command
Static O!(ects Contains a o!(ects append to t$e session wit$ ,TM-
Eo!(ectF tag
Property Description
CodePage Specifies t$e c$aracter set t$at wi !e 'sed w$en dispaying
dynamic content
-CI6 Sets or ret'rns an integer t$at specifies a ocation or region"
Contents i#e date* time* and c'rrency wi !e dispayed
according to t$at ocation or region
SessionI6 7et'rns a 'ni)'e id for eac$ 'ser" T$e 'ni)'e id is
generated !y t$e server
Timeo't Sets or ret'rns t$e timeo't period (in min'tes) for t$e
Session o!(ect in t$is appication
Method Description
A!andon 6estroys a 'ser session
Contents"7emove 6eetes an item from t$e Contents coection
Contents"7emoveA() 6eetes a items from t$e Contents coection
Events Description
SessionGOn&nd Occ'rs w$en a session ends
SessionGOnStart Occ'rs w$en a session starts
Session #$n$%e#en" in ASP session $n& !on!e'ns
.$en t$e first re)'est comes from t$e cient !rowser* it mar#s t$e !eginning of a new
session" T$is means t$at a session o!(ect is created and a session id is assigned to t$is
session o!(ect on t$e server" T$is session id is now sent to t$e !rowser in an encrypted
form as a session coo#ie" T$e !rowser wi store t$is coo#ie in memory for entire
d'ration 'nti t$e !rowser is cosed" &ac$ s'!se)'ent re)'est from t$e !rowser wi
send t$is coo#ie as part of t$e $eader" T$e server on receiving t$e coo#ie wi #now t$e
corresponding session id and $ence t$e sessions o!(ect"
T$e 0!00+'1 ID is a read-ony va'e t$at 'ni)'ey identifies t$e c'rrent cients to t$e
.e! server" In cassic ASP* session I6s are assigned in a se)'entia manner i"e"* t$e
session I6 1H:;/1=02 is foowed !y t$e session I6 1H:;/1=0?* and so on" T$e
session coo#ie for session I6 1H:;/1=02 wo'd !e stored on t$e cient mac$ine as t$e
.e $ave descri!ed $ow session states are maintained in ,TTP in genera and in ASP
in partic'ar" T$e point of concern t$at we $ave o!served in many we! appications is
t$at t$e coo#ie va'e does not c$ange !etween 'na't$enticated pages and
a't$enticated appication area" Since t$e 'ser session is associated to t$e session
coo#ie* if a maicio's 'ser gets $od of session coo#ie prior to 'ser a't$entication* $e
can access t$e a't$enticated appication area aso" Cassic ASP does not s'pport any
met$od to enforce t$e c$ange of coo#ie va'e"
R!"!5+!0: T$ere are severa ways to circ'mvent t$is pro!em even t$o'g$ t$e ASP
patform itsef does not provide for any way !y w$ic$ t$e session coo#ie va'e can !e
atered" T$ese so'tions can originate eit$er from t$e cient side or in a form of a $eader
directive from t$e server side" T$e so'tions see# to eit$er e+pire t$e session coo#ie or
ann' t$e session coo#ie va'e so t$at t$e session coo#ie va'e on t$e ne+t re)'est
wo'd !e c$anged"
C'':+! !;(+4)*+'1: T$is is a cient side so'tion" .$en t$e ogin page is oaded* a (ava
script f'nction can !e caed w$ic$ wo'd set t$e e+pire parameter of t$e c'rrent coo#ie
to a previo's date" Ipon s'!se)'ent re)'est t$e server wo'd set t$e session coo#ie
va'e to a new string"
A116--+1< 0!00+'1 $'':+! 7)-6!: T$is is a server side so'tion" Is'ay w$en a 'ser
s'!mits $is ogin credentias* t$e re)'est is sent to an intermediate page for
a't$entication J a't$enticate"asp" .e add one more stage of server processing of
ann'ing t$e session coo#ie J ann'session"asp" T$e server can set t$e coo#ie va'e of
t$e ASPS&SSIO%I6 to %I-- 'sing t$e meta tag and set-coo#ie directive"%ow* w$en
t$e re)'est is sent to t$e server for a't$enticate"asp page t$e session coo#ie va'e
wo'd !e n' and t$e re)'est goes aong wit$ IserI6 and password as part of t$e !ody
of t$e re)'est" Ipon a't$entication and setting of session varia!es on t$e server* t$e
server sends a redirect re)'est to t$e cient and sets t$e session coo#ie to a new va'e
in t$e !rowser" %ow a s'!se)'ent re)'ests to a't$entication part of t$e appication wi
'se t$is new session coo#ie va'e"
)6*/!1*+$)*!=)0( W!-$'"!=)0(
T$e Server o!(ect provides access to properties and met$ods on t$e server" M'c$ of
f'nctionaity it provides is simpy f'nctionaity t$e we! server itsef 'ses in t$e norma
processing of cient re)'ests and server responses"Its properties and met$ods are
descri!ed !eow:
Property Description
ScriptTimeo't Sets or ret'rns t$e ma+im'm n'm!er of seconds a script can r'n
!efore it is terminated
Method Description
CreateO!(ect Creates an instance of an o!(ect
&+ec'te &+ec'tes an ASP fie from inside anot$er ASP fie
9et-ast&rror() 7et'rns an ASP &rror o!(ect t$at descri!es t$e error condition t$at
,TM-&ncode Appies ,TM- encoding to a specified string
MapPat$ Maps a specified pat$ to a p$ysica pat$
Transfer Sends (transfers) a t$e information created in one ASP fie to a
second ASP fie
I7-&ncode Appies I7- encoding r'es to a specified string
Client: 7e)'ires .indows 3P Professiona* .indows ;000 Professiona* or .indows
%T .or#station /"0"
Server: 7e)'ires .indows Server ;00=* .indows ;000 Server* or .indows %T
Server /"0"
Product: IIS
?1@ S!47!4=C4!)*!O,8!$* M!*/'5
T$e CreateO!(ect met$od creates an instance of a server component" If t$e component
$as impemented t$e OnStartPage and On&ndPage met$ods* t$e OnStartPage met$od
is caed at t$is time
S@%TA3 : CreateO!(ect( progI6)
progI6 specifies t$e type of o!(ect to create"
?2@ S!47!4=E;!$6*! M!*/'5
T$e &+ec'te met$od cas an "asp fie* and processes it as if it were part of t$e caing
ASP script" T$e &+ec'te met$od is simiar to a proced're ca in many programming
Synta+: &+ec'te( Pat$)
.$ere Pat$ is a string specifying t$e ocation of t$e "asp fie to e+ec'te" T$e Pat$
parameter may !e for eit$er an a!so'te or a reative pat$"
?3@ S!47!4=G!*L)0*E44'4 M!*/'5
T$e 9et-ast&rror met$od ret'rns an ASP&rror O!(ect descri!ing t$e error condition t$at
occ'rred" T$is met$od is avaia!e ony !efore t$e "asp fie $as sent any content to t$e
Synta+: 9et-ast&rror( )"
T$is met$od $as no parameters "
T$is met$od $as no ret'rn va'es"
?4@ S!47!4=HTMLE1$'5! M!*/'5
T$e ,TM-&ncode met$od appies ,TM- encoding to a specified string" T$is is 'sef'
as a )'ic# met$od of encoding form data and ot$er cient re)'est data !efore 'sing it in
yo'r .e! appication" &ncoding data converts potentiay 'nsafe c$aracters to t$eir
,TM--encoded e)'ivaent"
Synta+: ,TM-&ncode( string )
String specifies t$e string to encode" T$is met$od $as no ret'rn va'es"
?A@ S!47!4=M)(P)*/ M!*/'5
T$e MapPat$ met$od maps t$e specified reative or virt'a pat$ to t$e corresponding
p$ysica directory on t$e server"
Synta+: MapPat$( Pat$)
Pat$ specifies t$e reative or virt'a pat$ to map to a p$ysica directory"
T$is met$od $as no ret'rn va'es"
?@ S!47!4=T4)103!4 M!*/'5
T$e Transfer met$od sends a of t$e information t$at $as !een assem!ed for
processing !y one "asp fie to a second "asp fie"
Synta+: Transfer( Pat$)
Pat$ is t$e ocation of t$e "asp fie to w$ic$ contro s$o'd !e transferred"
T$is met$od $as no ret'rn va'es"
?7@ S!47!4=URLE1$'5! M!*/'5
T$e I7-&ncode met$od appies I7- encoding r'es* inc'ding escape c$aracters* to a
specified string"I7-&ncode converts c$aracters as foows:
Spaces ( ) are converted to p's signs (K)"
%on-ap$an'meric c$aracters are escaped to t$eir $e+adecima representation"
Synta+: I7-&ncode( string )
string specifies t$e string to encode"
T$is met$od $as no ret'rn va'es"
Active Server Pages (ASP) is a server-side scripting tec$noogy t$at can !e 'sed to
create dynamic and interactive .e! appications" An ASP page is an ,TM- page t$at
contains server-side scripts t$at are processed !y t$e .e! server !efore !eing sent to
t$e 'ser's !rowser" @o' can com!ine ASP wit$ &+tensi!e Mar#'p -ang'age (3M-)*
Component O!(ect Mode (COM)* and ,yperte+t Mar#'p -ang'age (,TM-) to create
powerf' interactive .e! sites"
Server-side scripts r'n w$en a !rowser re)'ests an "asp fie from t$e .e! server" ASP
is caed !y t$e .e! server* w$ic$ processes t$e re)'ested fie from top to !ottom and
e+ec'tes any script commands" It t$en formats a standard .e! page and sends it to t$e
A of t$e ASP pages are written in a scripting ang'age" It is 'p to t$e deveoper* w$ic$
scripting ang'age to c$oose* $owever* most of t$e asp deveopers aro'nd t$e word
'se B<Script and some 'se Lscript or PerScript as we"
S!00+'1 O,8!$*: considered to !e one of t$e most important and 'sef' o!(ect of ASP"
L'st consider its nameM session* w$at comes in yo'r mindC .$enever yo' 'se any
appication* yo' open it and finay yo' cose itM t$is period is caed as a Session" In
order for t$e we! server to #now w$o are yo' and w$at yo' do* ASP provides a 'ni)'e
coo#ie w$ic$ is created for every 'ser" T$e coo#ie is stored at t$e cient side and
contains information t$at can !e 'sed to identify t$e 'ser" T$e Session O!(ect contains
information i#e name* preferences and 'ni)'e 'ser id" Server creates session for every
'ser and destroys it as soon as t$e session e+pires"
S!47!4 O,8!$*: t$e ASP server o!(ect is 'sed to access vario's properties and met$ods
on t$e server* as t$e name impies"