Managing ASP.NET Sessions

This tutorial explains everything you need in order to start using sessions in your website. Sessions in the websites are very important. Why would someone use sessions? Well, have you ever seen a website where users can subscribe, and have their own username and password.

When the users enter their username and password, in the very next page, they will be able to see more things than a normal visitor do. But how can you tell that page whether the current user has signed in or not (from the previous page), here come the use of sessions through your pages.

The basic idea is to create some variables (known as sessions), and these variables are saved in your browser (ie: internet explorer, firefox, etc...). And when a page that needs registered users load, it will make a check on the session, if the session exist then you will be able to have access to that page. Otherwise you will logged out automatically to a new page that prompts you to register or Login.

We need to implement these ideas in our ASP.NET application.
First things first (instead of making it from scratch, you can download completed Session Management project, used in this tutorial), open Microsoft Access and create a new database. Call it "myDB.mdb" and then create a new table called "Login".

The structure of the table will be as in the following picture.

Now we need to add a user. We will do this from Access directly and not by an insert query from asp.net, since I'm showing in this tutorial how to use the sessions and not inserting into a database.

Double click on your table and enter a new user. In my case I used "wassim" for username, and "wassim" for password.

Open up Microsoft Visual Studio 2005, and create a new website. Give your project the name you like.

We will Modify the Default.aspx page that is created automatically. I have designed a simple Login form in photoshop and integrated it within the page. You can find the Images in the project files of this tutorial. The page now looks like this:

Nothing complicated. I sliced the images, then combined them in an html table.

The properties are: "txtUsername" and "txtPassword" for the Textboxes. "btnSubmit" for the Button. And a lblStatus for the Label (we will use this label when the username or password are wrong).

Note: make your txtpassword TextMode as "Password", so that when you type the password you will get asterisks instead of real characters.

Now double click on the submit button. And place the following code:

     ' Code Started Here
 
     Dim con As New System.Data.OleDb.OleDbConnection
 
     Dim myPath As String
     myPath = Server.MapPath("myDB.mdb")
 
     con.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data source=" & myPath & ";"
 
     Dim mySelection As String
     mySelection = "select * from Login where Username='" & txtUsername.Text & "' and Password='" & txtPassword.Text & "'"
 
     Dim adp As New System.Data.OleDb.OleDbDataAdapter(mySelection, con)
 
     Dim dt As New System.Data.DataTable
     adp.Fill(dt)
 
 
     If dt.Rows.Count <> 0 Then
 
       Session("username") = txtUsername.Text
       Session("password") = txtPassword.Text
       Response.Redirect("Inside.aspx")
     Else
 
       lblStatus.Text = "wrong username or password"
 
     End If
 
     ' Code Ended Here
   

This is so simple. We just connected to our database, check the "Login" table. We searched if we have a user that has a username and password as specified at runtime. If that user exist, we create two sessions, called "username" and "password", we used Session("username") = txtUsername.text and Session("password") = txtPassword.text. We will be using these two variables later on.

Now create a new page, call it "Inside.aspx".

Leave it blank for now. Double click on the white area to get the OnLoad Event. This is the function that will be executed when the page is loaded.

Write the following code:

     ' Code Started Here
 
     Dim con As New System.Data.OleDb.OleDbConnection
 
     Dim myPath As String
     myPath = Server.MapPath("myDB.mdb")
 
     con.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data source=" & myPath & ";"
 
     Dim mySelection As String
     mySelection = "select * from Login where Username='" & Session("username") & "' and Password='" & Session("password") & "'"
 
     Dim adp As New System.Data.OleDb.OleDbDataAdapter(mySelection, con)
 
     Dim dt As New System.Data.DataTable
     adp.Fill(dt)
 
     If dt.Rows.Count <> 0 Then
 
       Response.Write("Welcome " & dt.Rows(0).Item("username"))
 
     Else
 
       Response.Redirect("Default.aspx")
 
     End If
 
     ' Code Ended Here

Here's how my page looks like after I login:

Now this page is very important. At the beginning, we connected to the database, check if the username and password exists, but this time with the Session function. This mean, if you have already signed in, you will be able to view the page. You can make sure of this by, simply typing the path of the "Inside.aspx" in your browser and hitting enter. If you do this, you will be redirected to the Default.aspx page, because the browser did not find any session and the user there does not exist.

This is the main idea about using sessions, and how websites use it in their own pages. Now you can build your own sessions, you might have more variables. Sometimes some companies use sessions to move you from page to page (Suppose you're making an online quiz, and you will be moving from one level to the other. You can use session called Level, for example Session("Level1") = "True". And then you make a check, if that session exist, you can view the page, otherwise you can't).

Hope you liked this tutorial. Happy Coding :)

Tutorial toolbar:  Tell A Friend  |  Add to favorites  |  Feedback  |