Wednesday, November 26, 2008
Microsoft Visio 2007
About
WebsiteVisio
Available forwindows* maclinux unixjava
Tagsvisio diagram chart graph uml Visio is one the the latest additions to the Microsoft Office suite. Visio is drawing software package that helps you with all of your drawing and graphing needs - from organization and flow charts - to database designs automatically imported and generated from existing database systems. Software developers can also use Visio to draw UML (Unified Modeling Language) diagrams to visualize their designs. Furthermore network diagrams can easily be drawn and kept up to date with Visio. Already a popular tool prior to Microsoft's acquisition in 2000.
Advertisment:SmartDraw makes it possible for non-designers to create compelling business graphics, like: flow charts, organizational charts, floor plans, maps, Gantt charts, office designs, forms, and more. No experience or training required. Try it FREE today.
Open source Visio alternatives
StarUML 5.0Available for: windows mac linux unix java StarUML is a great open source UML application. Supporting UML 2.0 and MDA (Model Driven Architecture) StarUML let's you work with all related diagrams. Code generation can be done for Java, C++ and... Read more
Kivio 1.6.1Available for: windows mac linux unix java Kivio is part of the KOffice open source office suite. For flowcharting, network diagrams and all other graphing need Kivio solves them with an easy to user interface. As part of the KOffice office... Read more
ArgoUML 0.24Available for: windows mac linux unix java ArgoUML is a great UML (Unified Modeling Language) tool. Written in Java and using Java Web Start makes it easy to work with (install) and use on any platform. It has full support for the UML 1.4... Read more
Dia 0.96Available for: windows mac linux unix java Dia is designed to be much like the commercial Windows program 'Visio'. It can be used to draw many different kinds of diagrams. It currently has special objects to help draw entity relationship... Read more
OpenOffice Draw 3.0Available for: windows mac linux unix java Open Office Draw, part of the Open Office package, wasn't designed to compete with high-end graphics packages but is an easy to use, effective drawing tool that makes it simple to create flowcharts,... Read more
Tuesday, November 25, 2008
VBScript. How to send a POST or GET to a website.
Anyone know how to send a POST or GET to a website using VBScript, such as logging in to the website using the script or sending data to a google search. The point is to send a POST or GET or something similar, Thanks everyone!
I'm jumping in a little late here, but I think it's important to note that if the use of XMLHTTP is an acceptable solution, then it is by far the easiest way to accomplish POST and GET actions. Source code is below. I think you'll agree that 3-5 lines of code per actions is pretty slick.
' Send HTTP GET
Function httpGET(url)
Set http = Server.CreateObject("Msxml2.ServerXMLHTTP")
http.Open "GET", url, False
http.send
httpGET = http.responseText
End Function
' Send HTTP POST
' For the "body" parameter, you can pass in the Request.Form object. or use this format to indicate the name of each form element "username=Danny&language=Chinese"
' Example: httpPOST( "http://test.com/", Request.Form, "someone", "password"
Function httpPOST( url, body, username, password )
Set http = Server.CreateObject("Msxml2.ServerXMLHTTP")
http.Open "POST", url, False, username, password
http.setRequestHeader _
"Content-Type", _
"application/x-www-form-urlencoded"
http.send body ' example: "username=Danny&language=Chinese"
httpPOST = http.responseText
End Function
About the only hassle comes from special encoding of strings. The function below will do the trick. I didn't write the original upon which this is based, but can't find any info about who did.
Function URLEncode(strInput)
'
' Convert all "special" characters to %NN style encoding.
' For example, a chr(32) space character is %20
'
Dim sTemp
Dim sChar
sTemp = ""
sChar = ""
Dim n
Dim ascii
For n = 1 To Len(strInput)
ascii = Asc(Mid(strInput, n, 1))
If ascii >= 65 And ascii <= 90 Then ' A..Z
sTemp = sTemp & Chr(ascii)
ElseIf (ascii >= 97) And (ascii <= 122) Then ' a..z
sTemp = sTemp & Chr(ascii)
ElseIf (ascii >= 48) And (ascii <= 57) Then ' 0..9
sTemp = sTemp & Chr(ascii)
Else
sChar = Trim(Hex(ascii))
If ascii <= 15 Then
sTemp = sTemp & "%0" & sChar
Else
sTemp = sTemp & "%" & sChar
End If
End If
Next
URLEncode = sTemp
End Function
Saturday, November 22, 2008
FUN世代
蘋果電腦創辦人沃茲尼克最近為他的自傳《 iwoz 》來台灣,他在新書演講會中反覆強調一點:「當年做很多事只有兩個出發點,一是為了好玩,二是為了改變世界」;他說自己從小就相信,可以做出什麼來改變世界,幫助這個世界變得更好。
很多人看到沃茲尼克,第一個浮上心頭的大概是:做為蘋果電腦的創辦人,唔,這傢伙一定很有錢,但是沃茲尼克說自己在製作與創業的過程中,最重要的是 常常享受其中的樂趣;他不是那麼在乎財富,很多東西都與人分享;沃茲尼克在書中也說,因為不是很有錢,再加上出身惠普的他有很紮實的技術,一直以身為「工 程師」為榮,深信憑著自己的手與腦,可以創造不同,因此對發明和追求卓越,持續不懈,做出很多很棒的東西;於是,在這個過程中,無可避免的,財富自然累積 了。
serious play
但也許你會說,太假仙了,他「已經」夠有錢了,所以才能這麼說,那也許我們來看另一個例子。
超級馬拉松跑者林義傑在台灣各學校巡迴演講時,很多年輕學子將他視為英雄,所到之處,受到很大的歡迎和羨慕。但他說,在台北某個小學演講時,他心裡 有很大的擔憂,因為小朋友問的問題裡,五個就有三個跟「金錢」有關,像是:比賽常常沒有獎金,沒有錢你幹嘛去跑,之類的;林義傑說,人生很多事都跟夢想和 價值有關,不是金錢可以衡量的,「最大的獎勵就是榮譽」。
有錢沒什麼不好,但有形的或者質的報酬,卻往往並不是吸引一個人去做某件事最重要或至少不是唯一的考量,你之所以會日以繼夜去做這事,常常是因為你 在這裡找到了樂趣,你真心享受這個「投入」的過程、真心感到快樂; 麥可‧ 許瑞吉( Michael Schrage )認為「創新是一個全力以赴的玩耍過程」(serious play ),serious play ,看似矛盾,卻多麼傳神地表達了很多成功者參與一件事的心情與態度。他們是「fun 世代」。
「 fun 世代」的邏輯是追求樂趣,真心享受,相信:如果做一件事、一樣東西,我自己可以先被娛樂到,那也會有很大的機會可以把這種娛樂感傳染、傳播出去;當有愈多 人因為你所做的事感覺更多快樂、更多方便、對生命有更多正向的感受時(我們何必做一件事讓這個世界更恨彼此?就算它能為你賺錢,散播負面能量,一不小心總 會「回饋」到自己身上,不是嗎?),你就有機會創造所謂的成功。
第一:fundamental
但 fun 並不是「放任」,而是「放下」,放下自我、放下對功成名就的汲汲追求。
fun 有三個元素,第一是「基本功」(fundamental )要夠紮實。任何事情要做到足以好玩的程度,絕非即與的神來之筆,而是要經過很多訓練與磨練的過程,「談笑有鴻儒」的背後其實是「十年寒窗無人問」;看到 各行各業的專業人士在他的那個領域裡玩得風生水起、點石成金時,別忘記他們長時間的、寂寞的「養成歲月」。
沃茲尼克在他的書裡說,「耐心」是他的核心能力,他在蘋果電腦和其他公司工作的時候看到很多怪才,「省略掉中間的步驟,只想要一步登天,」但這絕對 是行不通的;林義傑也曾歷過無數孤獨的奔跑,但一百公里就是這樣一公里、一公里,甚至一公尺、一公尺累積出來的;當人們問起王建民怎能投得這麼好時,他的 答案是「我一次投一球」,當然,在他低潮時,同樣也還得是一球一球投;村上春樹說寫作長篇小說需要花時間構思,他在寫作長篇小說與長篇小說之間,卻也沒有 閒著,他藉著翻譯來延續一種文字的手感,因為他認為寫作者不能長時間「不寫」,那會減弱對文字的敏感度。
如果問沃茲尼克、林義傑、王建民、村上春樹 …所謂的「成功的祕訣」,他們可能會這樣告訴你:不斷地實做、不斷地跑步,不斷地投球,不斷地,寫下去。
第二:universe
fun 世代的第二個特質是心懷「universe 」,做一件事,利益眾生。發明蘋果電腦之前, 沃茲尼克參加了「自製電腦俱樂部」,目標很清楚:把電腦科技帶給平民大眾,讓平民百姓買得起電腦,並且,很重要的,讓電腦可以幫助人們做事。林義傑則說, 如果他跑超馬,能帶給人們領悟到生命在生活之外的「一點什麼」,他就覺得很有成就感了。
因為清楚目標是希望「讓這個世界因為我而有所不同」,因此做起事來會有比較長遠及寬大的計畫;為自己,我們容易有得失心和計較心,因為擔心自己在整 件情裡有沒有足夠的利益,反而成為一個眼界與思想的限制,壓力很大;為眾人,「自我」不再是整件事情的核心,與所做的事有了一定的距離,如此也比較有能力 「放得下來」;奇妙的是,我們也因此比較有機會找到事情有趣的地方。
第三:now
fun 世代,第三是「now」,即知即行,就是現在。你想做什麼事,就去做吧,不要「等待」,因為一直等你就永遠會有「萬事俱備,只欠東風」的不安,如果東風不來,我們借東風讓三月的柳絮一樣飄飛;只要相信,此時此刻,我們已經具備了「開始」的能力,就可以去做。
孫中山先生的話說的很實際:「有一人之力服一人之務;有十人之力服十人之務;有千百人之力,則服千百人之務。」別在乎事情的規模,重要的是了解到任何能力都是上天恩賜,都有價值;我們活在當下,因為昨天永遠有昨天的遺憾,明天永遠有明天的麻煩,而今天也永遠有今天的利基。
沃茲尼克來台灣掀起一陣歆羨的旋風,蘋果的成功、還有他像頑童一樣的態度,可能會讓人認為他的一切來得簡單輕鬆;但千萬不要以為 fun 世代是「談笑間,強虜灰飛煙減」,認真玩耍的背後需要堅毅不懈的付出,更有寬闊開放的人生襟抱。要玩出名堂,不是一件簡單的事。
fun 世代,放手去做、放心去玩──我們準備好做 fun 世代了嗎?Friday, November 21, 2008
程式 - 畫流程圖推薦 VISIO
非常好用!!
基本上在 WWord 裡面就有內建畫流程圖的基本圖案了..
開啟 WWord 選項..插入╲圖片╲快取圖案╲流程圖
當然如果有 Visio 的效果會更好
如果要更專業的軟體還有Rational Rose 可以把整套的系統分析作出來
Rational Rose 是目前業界最強大的系統分析軟體..
拿Rose來畫一隻程式的流程圖 ??有點像拿原子彈殺螞蟻的感覺 ....
況且 ... 用Rose 畫單一程式的流程圖 .... 弟沒這樣用過,能不能畫出來,弟不確定
-------------------------- 以下是給樓主的 --------------------------
Word 應該就可以滿足樓主的需要了 ...
Visio 也可以~~不過如果是流程圖,其實跟Word 畫起來相去不遠
流程的圖形很單純,用什麼工具畫都好,重要的是正確,美觀花俏都是不必要的
說到重點了
其實不畫太複雜的流程圖,殺雞焉用牛刀?!
WORD就很夠用了
流程圖就是要一目瞭然、簡單、正確,不是做美工不用太花俏!
Thursday, November 20, 2008
ASP.NET Session State Management Using SQL Server
ASP.NET Session State Management Using SQL Server
Web applications are by nature stateless. Statelessness is both an advantage and a disadvantage. When resources are not being consumed by maintaining connections and state, scalability is tremendously improved. But the lack of state reduces functionality severely. Ecommerce applications require state to be maintained as the user navigates from page to page. ASP.NET's Session object makes it easy for developers to maintain state in a Web application. State can be maintained in-process, in a session state server, or in SQL Server.
In-process state management is the ASP.NET default, and it offers the fastest response time, but does not work in a Web farm. Consequently, it is not practical in high capacity Web applications requiring the load to be spread over multiple servers. A dedicated session state server is shared by all servers in a Web farm, so it provides scalability of the Session objects across all Web servers. It cannot store state persistently. If a dedicated session state server goes down for any reason, all session state data is lost. SQL Server is another alternative for storing session state for all of the servers in a Web farm. Since SQL Server is a database, there is a popular misconception that ASP.NET session state maintained in SQL Server is stored persistently. By default, it is not. If the SQL Server is stopped, the session state data is lost. By making a few simple changes, state can be stored persistently. It is important to understand that persistent is not the same thing as permanent. ASP.NET places a time limit (timeout in web.config) on how long a session's state is maintained. If the SQL Server is configured to store state persistently and it is down for longer than the ASP.NET session timeout interval, the session state data is lost.
Configuring ASP.NET Session State Management
Use the sessionState section of the web.config file to configure an ASP.NET Web application to use a SQL Server for session state management. The session state timeout interval is specified by using the timeout parameter.
<!-- SESSION STATE SETTINGS
By default ASP .NET uses cookies to identify which requests
belong to a particular session.
If cookies are not available, a session can be tracked by
adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
_ mode="SQLServer"
_ stateConnectionString="tcpip=127.0.0.1:42424"
_ sqlConnectionString="data source=127.0.0.1; integrated security=true"
_ cookieless="false"
_ timeout="20"
/>
Configure the SQL Server to store Session objects by running a script to create the ASPState database. Version 1.0 of the .NET Framework provides a state database configuration script in %SYSTEMROOT%\Microsoft.NET\Framework\v1.0.3705\InstallSqlState.sql. If you open the file, you will see a statement to create a database called ASPState. This probably adds to the confusion about state being persistent. The ASPState database contains stored procedures that create tables in tempdb. The tables in tempdb are where session state is actually stored. Thus, when the SQL Server is shutdown, all session state is lost. This raises an important question: If the SQL Server is never shutdown, will tempdb eventually become 100 percent full and run out of space? Recall that ASP.NET connections automatically time out and their resources are freed up after the timeout duration is exceeded. The InstallSqlState.sql script creates a job called ASPState_Job_DeleteExpiredSessions to delete expired sessions from tempdb. Recall that ASP.NET does not keep session resources alive indefinitely. To support this feature when a SQL Server is used to maintain state, the SQL Server Agent must be running so that the expired session deletion job runs as needed. By default, the job is scheduled to run every minute. It deletes session state rows with an Expires value less than the current time. The account under which the SQL Server Agent runs must have the privilege to execute the DeleteExpiredSessions stored procedure.
ASPState database scripts come in pairs. InstallSqlState.sql creates the database and supporting objects. UninstallSqlState.sql drops the database and all supporting objects (e.g., the job to delete expired sessions). You cannot drop a database if it is in use, so if the UninstallSqlState.sql script fails with this error message:
Server: Msg 3702, Level 16, State 4, Line 4
Cannot drop the database 'ASPState' because it is currently in use.
Microsoft Knowledge Base article 311209 says to stop the Web server service to overcome this error. An 「uninstallation」 failure can still occur even if the Web server service is stopped. Additionally, you might not want to stop the Web server service because that will cause all Web applications on the server to stop. Instead, use the SQL Server Enterprise Manager. Find the processes accessing the ASPState database and delete them. If users are still accessing the application and causing new processes to be created faster than you can delete them, go to the IIS console and select the Properties for the Web application. On the Directory tab, click the Remove button. This will prevent access to the Web application and allow you to kill any remaining processes accessing the ASPState database. Once the processes are gone, uninstallation should completely successfully. Be sure to go back to the IIS console and click the Create button to restore the Web application to normal working order if you previously clicked the Remove button.
Version 1.0 of the .NET Framework does not provide a script for creating an ASPState database that maintains state persistently. However, Microsoft Knowledge Base article 311209 does provide a link for downloading InstallPersistentSqlState.sql and UninstallPersistentSqlState.sql. The InstallPersistentSqlState.sql script causes the session state data to be stored in permanent tables in ASPState instead of temporary tables in tempdb.
Version 1.1 of the .NET Framework provides both InstallPersistentSqlState.sql and InstallSqlState.sql. The Framework Version 1.1 scripts are found in the %SYSTEMROOT%\Microsoft.NET\Framework\v1.1.4322 folder. Although the 1.0 and 1.1 versions of InstallPersistentSqlState.sql accomplish the same thing, they are different. For SQL Server 2000 and above, the 1.1 version creates the ASPState stored procedures using GETUTCDATE instead of GETDATE. The 1.0 version always uses GETDATE. You can use the Framework version 1.1 script to create a database for an application using the Framework version 1.0.
If you specify integrated security in the web.config file, you will have to create a server login for the ASPNET user and then make the login a user in the ASPState database. You will also have to grant permissions to the ASPNET user to use database objects. If you do not store state persistently, the ASPNET user must be granted permissions to use state management objects in tempdb. The prudent approach is to grant no more permissions than are absolutely necessary. Here are the permissions I granted after executing the Version 1.0 InstallSqlState.sql script:
USE masterGOEXECUTE sp_grantlogin [DBAZINE\ASPNET]GO
USE ASPState
GO
EXECUTE sp_grantdbaccess [DBAZINE\ASPNET]
GRANT EXECUTE on TempGetAppId to [DBAZINE\ASPNET]
GRANT EXECUTE on TempGetStateItemExclusive to [DBAZINE\ASPNET]
GRANT EXECUTE on TempInsertStateItemShort to [DBAZINE\ASPNET]
GO
USE tempdb -- remove this if using persistent state
GO -- remove this if using persistent state
EXECUTE sp_grantdbaccess [DBAZINE\ASPNET] -- remove this if persistent state
GRANT SELECT on ASPStateTempApplications to [DBAZINE\ASPNET]
GRANT INSERT on ASPStateTempApplications to [DBAZINE\ASPNET]
GRANT SELECT on ASPStateTempSessions to [DBAZINE\ASPNET]
GRANT INSERT on ASPStateTempSessions to [DBAZINE\ASPNET]
GRANT UPDATE on ASPStateTempSessions to [DBAZINE\ASPNET]
GO
If you use the InstallPersistentSqlState.sql, remove the three lines as indicated above.
Consider the grants shown above as a starting point for creating your own script appropriate for your environment.
Conclusion
ASP.NET offers two simple solutions to session state management in a Web farm. Only SQL Server offers persistent state management. A dedicated session state server does not offer persistent state management, but does not require the creation of a database (one more thing for the DBA to administer). The value of persistent state has to be weighed carefully. Maintaining session state persistently is useful only if the SQL Server can be brought back up within the session state timeout specified in the web.config. For those situations where using a SQL Server as a state server makes sense, ASP.NET makes it easy.
--
John Paul Cook is a database and .NET consultant. He also teaches .NET, XML, SQL Server, and Oracle courses at Southern Methodist University's location in Houston, Texas.
Contributors : John Paul Cook
Last modified 2005-04-12 06:21 AM
Session state management
If session stors in out-proc then where session stores in state server.
If possible for you please reply me.
Thanks and regards
Vishal
Replies to this comment
How to read the session id from other web aplication
regards,
jegan
SQL Server Version
I am running VS2005 full version along with a local copy of SQL Server developer's version.
I have configured everything correctly to store session state in SLQ server, which includes,
1. Web Config file entrees
2. Running the script in Query Analyzer and ensuring creation of ASPState database
3. Creation of ASPNET user, granting rights
4. configuring IIS to use SQL server for session State
but I keep getting error which I am pasting below,
Server Error in '/Database' Application.
--------------------------------------------------------------------------------
Unable to use SQL Server because ASP.NET version 2.0 Session State is not installed on the SQL server. Please install ASP.NET Session State SQL Server version 2.0 or above.
Can you please shed some light on it. I would appreciate
Using SQL Server for ASP.Net session state
Using SQL Server for ASP.Net session state
What is session state?
A session is defined as the period of time that a unique user interacts with a Web application. Session state is a collection of objects, tied to a session are stored on a server.
Why use SQL?
Once you start running multiple web servers for the same web site, the default asp.net session state, InProc, is no longer useful, as you cannot guarantee that each page request goes to the same server. It becomes necessary to have a central state store that every web server accesses.
SQL Server offers you centralized storage of a session state in a Web farm. It also offers the transactional capabilities that provide reliability to most relational database systems. You can use SQL Server to save a session. This process is not as efficient as InProc and StateServer mode, because you must store the information in a different process or on a different server. However, this option may be more efficient than using the aspnet_state service, depending on the actual workload and the database configuration. Once you start saving session state to a SQL database it will also persist through web server restarts and reboots.
For reliability you should consider storing session state for a web farm on a SQL cluster.
Creating the database
- Start Query Analyzer, connected to the server you want to use for state storage.
- Open and execute InstallSqlState.sql script file. By default, InstallSqlState.sql is located in one of the following folders;
system drive\ Windows\ Microsoft.NET\ Framework\version\
- If you are using trusted connections to connect to your server, you must change ownership of the state database to sa after creation. In Query Analyzer run
use ASPState
exec sp_changedbowner 'sa','true' - If you are using SQL authentication create a user and password for session state to use. At a minimum this user should havepermissions to execute the stored procedures in the ASPState database. You will have to manually set these, or if you're feeling dangerous, give the state user dbo rights to ASPState.
Configuring ASP.Net
To switch ASP.Net to use SQL you must update the <sessionState> element of your application's Web.config file as follows;
- Set the mode attribute of the <sessionState> element to SQLServer.
- Set the sqlConnectionString attribute to specify the connection string to your SQL Server
For example
<sessionState
mode="SQLServer"
sqlConnectionString="data source=server;user id=uid;password=pwd"
cookieless="false" timeout="20" />
If you specify integrated security/trusted connections in the database connection string (ie. "trusted_connection=true", or "integrated security=sspi"), you cannot use impersonation in asp.net, as your database connection will then run the context of the impersonated user, which will not have rights to the state database. You can, of course grant connections to that user context. KB 326606 has more details.
If you are configuring session state to be stored on a cluster you must manually override the .net machine keys on each server. KB 323262 has more details.
Configuring SQL2000 SP3
So, you have created the database, you've created the user, given it rights to all the stored procedures in the ASPState database, you've up to date with patches, Windows, IIS SQL, and you connect to your web site...
SELECT permission denied on object 'ASPStateTempApplications', database 'tempdb', owner 'dbo'.
INSERT permission denied on object 'ASPStateTempApplications', database 'tempdb', owner 'dbo'.
SELECT permission denied on object 'ASPStateTempApplications', database 'tempdb', owner 'dbo'.
SP3 for SQL 2000 adds a new security feature, disabled by default, cross-database ownership chaining (see KB 810474 for details). When this feature is disabled, ASP.Net session state stops working.
To reconfigure SQL 2000 SP3 for ASP.net session state you must run
use master
go
EXEC sp_configure 'Cross DB Ownership Chaining', '0';
RECONFIGURE
GO
Now restart your SQL server, then run
use master
go
EXEC sp_dboption 'ASPState', 'db chaining', 'true'
go
Timeouts under heavy load
If your web servers are under heavy load it may be useful to increase the time out for session state access. You can add the stateNetworkTimeout attribute to the sessionState settings in web.config and machine.config
<sessionState stateNetworkTimeout="15" />
If a Web server or a state server is under stress and cannot complete session accesses on time, event ID 1072 and event ID 1076 may be logged in the event log.
Caveats when using SQL session state
Using SQL is slower than using InProc session state. When storing basic data types (string, int, etc), ASP.Net can take 10%-25% longer to store their values. Complex types take even longer. Of course because you are connecting to a separate server it does use bandwidth on your network.
When using SQL Server mode, objects stored in session state are serialised and deserialised when a request is processed. So any objects which do not support serialisation cannot be stored in session state. In ASP.Net v1.0 a bug means that attempting to store a non-serialisable object does not throw an error, and so will probably pass unnoticed.
For session state to be maintained across different web servers in a web farm (the main reason for moving session state to SQL), the Application Path of the website (For example \LM\W3SVC\2) in the IIS Metabase should be identical in for all the web servers in the web farm. Microsoft's KB 325056 details this problem.
If you wish to persist session state through SQL server reboots you must follow the instructions in KB 311209 to move the session state tables from tempdb to the ASPState database.
Other resources
Peter Bromberg's Session State FAQ
KB 317604 HOW TO: Configure SQL Server to Store ASP.NET Session State
Sunday, December 31, 2006 7:07 PM
How a session id is generated for an aspx page in .net framework 1.1
How a session id is generated for an aspx page in .net framework 1.1
In this blog, I just wanted to write about the method within the .net framework which is responsible for generating the session id when a client requests an aspx page for the first time. This article doesn't talk about the various scenarios under which the session id is created.
I was curious to know which class/method within the .net framework is used to generate the session id when a request for an aspx page comes in. I was looking at the SessionStateModule class under the System.Web.SessionState namespace using the .net reflector written by Lutz Roeder - http://www.aisto.com/roeder/dotnet/
Inside this class, there is a method with the following signature
private IAsyncResult BeginAcquireState(object source, EventArgs e, AsyncCallback cb, object extraData)
{
}
Within this method, there is an if else statement which checks if the private string rqId is null or not. This is the string which actually stores the session id.
if (this._rqId != null)
{
sessionStateItem = this.GetSessionStateItem();
}
else
{
this._rqId = SessionId.Create(ref this._randgen);
if (!s_config._isCookieless)
{
HttpCookie cookie = CreateSessionCookie(this._rqId);
if (!this._rqContext.Response.IsBuffered())
{
throw new HttpException(HttpRuntime.FormatResourceString("Cant_write_session_id_in_cookie_because_response_was_flushed"));
}
this._rqContext.Response.Cookies.Add(cookie);
this._rqAddedCookie = true;
}
else
{
this._rqContext.Response.SetAppPathModifier(AppPathModifierFromSessionId(this._rqId));
HttpRequest request = this._rqContext.Request;
string url = request.Path;
string queryStringText = request.QueryStringText;
if ((queryStringText != null) && (queryStringText.Length > 0))
{
url = url + "?" + queryStringText;
}
this._rqContext.Response.Redirect(url, false);
this._rqAr.Complete(true, null, null);
IAsyncResult result = this._rqAr;
application.CompleteRequest();
return result;
}
}
In the above code snippet, if the rqId string is null, then the Session.Create method is called.
Session is an internal class within the System.Web.SessionState namespace which has a static method Create with the following definition
internal static string Create(ref RandomNumberGenerator randgen)
{
if (randgen == null)
{
randgen = new RNGCryptoServiceProvider();
}
byte[] data = new byte[15];
randgen.GetBytes(data);
return Encode(data);
}
Once the session id is generated, depending on how the cookieless attribute is set in the web.config (set to true or false) file; the session id is either added to the cookies collection or added to the URL.
Scenario 1 : Cookieless attribute set to false
If the cookieless attribute is set to false, then the session id is added to the cookies collection by making a call to the CreateSessionCookie method
private static HttpCookie CreateSessionCookie(string id)
{
HttpCookie cookie = new HttpCookie("ASP.NET_SessionId", id);
cookie.Path = "/";
return cookie;
}
After the cookie is created, it is added to the Response.Cookies collection. I was able to check the request and response headers using the fiddler tool (www.fiddlertool.com).
HTTP Request Header :
GET /webapplication1/webform1.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727)
Host: win2k3-6114
Proxy-Connection: Keep-Alive
HTTP Response Header :
HTTP/1.1 200 OK
Date: Tue, 29 May 2007 07:44:27 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=iddajxme35irfr45tcynode1; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 662
Notice the name of the cookie in the response header. You will also see this in the IIS log, once you enable the Cookie field for the specific web site and access the aspx page.
IIS Log:
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) sc-status sc-substatus sc-win32-status
2007-05-28 05:04:03 W3SVC1 65.52.76.126 GET /webapplication1/webform1.aspx - 80 - 65.52.76.126 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) ASP.NET_SessionId= iddajxme35irfr45tcynode1 200 0 0
Scenario 2 - Cookieless attribute set to true
If the cookieless attribute is set to true, then the session id is added to the url. In this case, two trips are made to the server. First time, when the page is requested, the server responds with status code 302 (object moved) and in the next request, the server responds with status code 200 (OK. The client request has succeeded). This is because once the session id is added to the url, the Response.Redirect method is called. Notice the request and the response headers below.
HTTP Request Header :
GET /webapplication1/webform1.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727)
Host: win2k3-6114
Proxy-Connection: Keep-Alive
HTTP Response Header :
HTTP/1.1 302 Found
Date: Tue, 29 May 2007 08:06:19 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /webapplication1/(n2xrh3452rylcuevsv103cep)/webform1.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 662
HTTP Request Header :
GET /webapplication1/(n2xrh3452rylcuevsv103cep)/webform1.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727)
Host: win2k3-6114
Proxy-Connection: Keep-Alive
HTTP Response Header :
HTTP/1.1 200 OK
Date: Tue, 29 May 2007 08:06:19 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 662
You will not see the cookie being set in the response headers.
If you check the URL, it will look something like this
http://
In the IIS log, you will see two entries for webform1.aspx page, one with status code 302 and the next one with status code 200. However, the cookie value will be empty.
IIS Log:
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) sc-status sc-substatus sc-win32-status
2007-05-29 08:06:19 W3SVC1 65.52.76.126 GET /webapplication1/webform1.aspx - 80 - 65.52.76.126 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) - 302 0 0
2007-05-29 08:06:19 W3SVC1 65.52.76.126 GET /webapplication1/webform1.aspx - 80 - 65.52.76.126 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) - 200 0 0
I hope you enjoyed reading this article.
Comments
# re: How a session id is generated for an aspx page in .net framework 1.1
Hi Karthic's
I have configured my website session as Outproc in SQL Server. I am handling a case for Outage. If in case my SQL Server is down for some reason. My website has one Public Error.aspx page whoes EnableSessionState is set to False.
When I Open the page directly its work fine but when i request a page whoes EnableSessionState=true and then when i redirect to Error.aspx page in case of SQL Server is down ; page doesn't open. I get the SQLException "Unable to connect..."
I wonder why a page set as EnableSessionState=false; ASP.NET tries to retrieve the session data. I also looked the code in SessionStateModule. While calling
GetSessionStateItem() checks are made if it is read-only/ Write which seems to suggest that in case when EnableSessionState =false , no calls are made.
I get a different behavior when i Override Session_Start() method. If in case you know something more abt the problem could help me it would be gr8.
-Debugger
HOW TO: Configure SQL Server to Store ASP.NET Session State
HOW TO: Configure SQL Server to Store ASP.NET Session State
On This Page
SUMMARYThis step-by-step article demonstrates how to configure Microsoft SQL Server fo...
Requirements
The following list outlines the recommended hardware, software, network infrastructure, and service packs that you need:- Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, or Microsoft Windows XP
- Microsoft .NET Framework
- Microsoft Internet Information Services (IIS)
- Microsoft SQL Server
Configure SQL Server for ASP.NET SQL Server Session State
The following steps describe how to run the InstallSqlState.sql and the UninstallSqlState.sql script files to configure SQL Server mode session state management.- In SQL Query Analyzer, on the File menu, click Open.
- In the Open Query File dialog box, browse to the InstallSqlState.sql script file, and then click Open. By default, InstallSqlState.sql is located in one of the following folders:system drive\WINNT\Microsoft.NET\Framework\version\
system drive\Windows\Microsoft.NET\Framework\version\ - After InstallSqlState.sql opens in SQL Query Analyzer, click Execute on the Query menu to run the script.
- Before you run the UninstallSqlState.sql script file to uninstall SQL Server mode session state management configuration, you must stop the w3svc process. To do this, follow these steps:
- On the Windows Start menu, click Run, type cmd, and then click OK to open a command prompt.
- At the command prompt, type net stop w3svc. You receive confirmation that the w3svc process is stopped.
- In SQL Query Analyzer, on the File menu, click Open.
- In the Open Query File dialog box, browse to the UninstallSqlState.sql script file, and then click Open. By default, UninstallSqlState.sql is located in one of the following folders:system drive\WINNT\Microsoft.NET\Framework\version\
system drive\Windows\Microsoft.NET\Framework\version\ - After UninstallSqlState.sql opens in SQL Query Analyzer, click Execute on the Query menu to run the script.
- After you uninstall SQL Server mode session state management configuration, you must restart the w3svc service. To restart the w3svc process, type net start w3svc at a command prompt.
Modify the Web.config File of Your Application
To implement ASP.NET SQL Server mode session state management, you must modify the- Set the mode attribute of the
element to SQLServer to indicate that session state is stored in SQL Server. - Set the sqlConnectionString attribute to specify the connection string for SQL Server. For example:
sqlConnectionString="data source=MySQLServer;user id=
;password= "
Note The user,, must have permissions to perform this operation on the database.
The modifiedelement should appear as follows: Note Ensure that you use the correct case when you specify themode="SQLServer"
sqlConnectionString="data source=127.0.0.1;user id=;password= "
cookieless="false"
timeout="20"
/>
element and the associated attribute values. This code is case sensitive.
Troubleshooting
- If you do not stop the w3svc process before you run the UninstallSqlState.sql script file, you receive the following error message:Cannot drop the database 'ASPState' because it is currently in use
- If entries in the ASPStateTempSessions table are not removed after the related sessions expire, make sure that the SQL Server agent is running. You can implement this functionality through stored procedures that are scheduled through jobs in SQL Server. The SQL Server agent manages these jobs.
- When you use the default InstallSqlState.sql and UninstallSqlState.sql script files to configure ASP.NET SQL Server mode session state management, note that these files add the ASPStateTempSessions and the ASPStateTempApplications tables to the tempdb database in SQL Server by default. Furthermore, if you restart SQL Server, you lose the session state data that was stored in the ASPStateTempSessions and the ASPStateTempApplications tables.For additional information about how to run alternative scripts to configure persistent SQL Server session state management so that the session data is not lost when you restart the server, click the article number below to view the article in the Microsoft Knowledge Base: 311209 (http://support.microsoft.com/kb/311209/EN-US/ ) HOW TO: Configure ASP.NET for Persistent SQL Server Session State Management
REFERENCESFor additional information, click the article numbers below to view the articles...
http://msdn2.microsoft.com/en-us/library/87069683(vs.71).aspx (http://msdn2.microsoft.com/en-us/library/87069683(vs.71).aspx)
Cutting Edge: Using Session and Application Objects in ASP.NET (an MSDN Magazine article)
http://msdn.microsoft.com/msdnmag/issues/01/11/cutting/default.aspx (http://msdn.microsoft.com/msdnmag/issues/01/11/cutting/default.aspx)
APPLIES TO
- Microsoft ASP.NET 1.1
- Microsoft ASP.NET 1.0
- Microsoft SQL Server 2000 Standard Edition
- Microsoft SQL Server 7.0 Standard Edition
- Microsoft SQL Server 2000 64-bit Edition
HOW TO: Turn Off ASP Session State in Active Server Pages and IIS
HOW TO: Turn Off ASP Session State in Active Server Pages and IIS
On This Page
SUMMARYThis step-by-step article describes how to improve the performance of your Web...
The Web server with ASP automatically creates a Session object when a Web page from the application is requested by a user who does not already have a session. The server destroys the Session object when the session expires or is abandoned, and when session state is turned off, ASP does not track users and does not permit an ASP script to store information in the Session object or use the Session_OnStart or Session_OnEnd events. These Session objects consume valuable resources. By turning off sessions, you can improve the performance and scalability of your ASP Web application. You can turn off session state either for the whole Web site or for specific ASP pages.
NOTE: Sessionless applications do not do the following:
- Execute Session_OnStart procedures.
- Send session ID cookies.
- Access built-in Session objects or session scope objects that are created with the
- Serialize execution with other session requests.
Turn Off ASP Session State on an IIS 4.0 Web Site
To turn off sessions for the ASP Web application at the Web site level by using IIS 4.0:- Click Start, point to Programs, click Windows NT 4.0 Option Pack, click Microsoft Internet Information Server, and then click Internet Service Manager.
- Right-click your Web site, and then click Properties.
- Click the Home Directory tab.
- Click Configuration, and then click the App Options tab.
- Click to clear the Enable Session State check box.
Turn Off ASP Session State on an IIS 5.0 Web Site
To turn off sessions for the ASP Web application at the Web site level by using IIS 5.0:- Click Start, point to Programs, click Administrative Tools, and then click Internet Information Services.
- Right-click your Web site, and then click Properties.
- Click the Home Directory tab.
- Click Configuration, and then click the App Options tab.
- Click to clear the Enable Session State check box.
Turn Off ASP Session State on an IIS 5.1 Web Site
To turn off sessions for the ASP Web application at the Web site level by using IIS 5.1:- Click Start, point to Programs, click Administrative Tools, and then click Internet Information Services.
- Right-click your Web site, and then click Properties.
- Click the Home Directory tab.
- Click Configuration, and then click the Options tab.
- Click to clear the Enable Session State check box.
Turn Off ASP Session State on a Specific ASP Page
You may also turn off session state for a specific ASP page by adding the following directive at the top of the ASP page:
<%@ EnableSessionState=False %>
REFERENCESFor additional information about how to disable session state, click the article...
APPLIES TO
- Microsoft Active Server Pages 4.0
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
Useful information, especially reading about objects that are stored in the session need to be serializable when stored in SQL Server. It's a logical one, but I hadn't thought of it until reading it here, so thanks!
page is designed in a manner
which cannot be easily readable
by persons having
semi-blind eye-sights!!!!
why!!!
This is excellent detail; better than what I get from Microsoft. Many thanks.
The page has some design problems. In the T-SQL code, some of the text is black, just like the page background! Highlighting the T-SQL reveals the hidden text.
I have installed InstallSqlState.sql,but I am unable to excute the web.config file which includes this code.
<sessionState mode="SQLServer" sqlConnectionString="data source=server;user id=sa;password=sa" cookieless="false" timeout="20" ></sessionState>
It showing error
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
How cud I sort it out.
Colours are fixed David; thanks for telling me.
Shenna that sounds like you're trying to configure the options in a sub-directory; rather than in the application root. Either configure that sub-directory to be an application itself or add the lines to the root web.config.
Hi,
My application uses a SQL Session State Server in a load balanced environment with heavy loads. My application is called very often (Aprox. 7000 users simultaneously). I sparatically get a timeout problem with the application and have to restart IIS. The w3wp.exe preocess is using up a lot of memory and 100% CPU. Would this be a problem with the SQL State Server?
Thanks in advance....
Hey Claude,
This might help resolve your problem..
http://msmvps.com/blogs/greglow/archive/2007/02/04/improving-asp-net-session-state-database-performance-by-reducing-blocking.aspx#544414
Really good article.
You can find some good articles at
http://chiragrdarji.wordpress.com/2007/04/20/aspnet-session-state-management-using-sql-server/
i want to get sqlserver date in database Using ASP.Net(C#).
PLZ tell me how can i done this job.
get me the data on session
hello sir / madam i want basic ASP.NET coding with SQL . ex: by displaying usernameand password.please relpy
for ashokkumar: There's another resource at the following link that provides a complete step by step guide with code samples
http://www.faqfront.com/document/sql-server-session-state
nice, your graphic looks like a swastika bing
why is the sqlserver session mode not efficient than InProc. Is this session mode more reliable when dealing with session expiry.
Nice article.
Simple and easy to understand.
We have a app already which uses a Db, could it be possible to accomadate the session in the existing db.. ??!!
Krunal;
Simple; objects have to be serialised before they pass out of process to either the asp.net session server or the database, this takes time.
And if you're using a database then that database round trip introduces another set of processing. Database calls aren't cheap!
Sukruth;
I doubt it, the provider only takes a server name, so it will assume a database name of ASPSTATE; I'm not sure you'd want to either; littering your own database with the session tables strikes me as messy!
Is it possible to raise an event(or get notification) when the session times out (with SQL as session store).
Hi STRavis,
Interesting once. Yes, you could put a global exception handler at the global.asax, there's an Application_Error event you could handle inside that, as an exception handler of last resort.
I don't think that you see a session state specific exception, you'd just see normal SQL exceptions; but it's probably enough to get you going.
Excellent article on understand sql state for a first timer.
WRT the comment on the global exception handler, can the custom error page be an aspx? Our observation has been that it goes into an infinite loop if the error page is aspx
Simple and easy to understand.
How can i configure SQL-Server while uploading our Web Application,where to put .mdf and .log file while uploading
how we manage the session in asp.net
thanks for your help...
Nice Article
HI
I want to share session to another web application in same server. do you know how to do that ?
Some problems I faced and can help
0. Make sure all your classes/objects being added to the session are serialized.
1. Create your own ASPState database
2. Give ownership to system adminstrator
2. Run the install....sql
3. May receive 1 error saying an object existis. Ignore that.
4. Create another user
5. Give dbo setting and add to ASPState
6. Use this user's login to connect through sqlConnectionstring in sessionState under web.config
NCache is an extremely fast in-memory distributed cache for .NET. NCache also provides an ASP.NET Session State storage that is reliable (thru replication) and scalable.
Check it out http://www.alachisoft.com.