Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/175167

From BetaArchive Wiki

Article ID: 175167

Article Last Modified on 3/9/2007


  • Microsoft Active Server Pages 4.0

This article was previously published under Q175167


When you develop an Active Server Pages (ASP) Web application, a common way to customize the content is to store information about the user. There are several ways to store information in an ASP environment. This article lists the most common ways to store state, including sample code and the pros and cons of each option.


Session and Application Variables

How do they work?

The Session and Application variables are stored on the server. A SessionID, which is generated at the start of an ASP session, is an in-memory cookie that is stored on the client to identify the Session variables. As a result, the client must have cookies enabled in the browser for Session and Application variables to work.


  • This method is easy to implement.
  • You can store both simple variable types and objects (although storing objects is not recommended).
  • The values that are stored in Session and Application variables are hidden from the user.


  • This method requires clients to have cookies enabled in their Web browser.
  • This method cannot reliably be shared between frames in a frameset or across multiple browser instances.
  • This method stores information on the Web server. This decreases scalability in two ways: Session and Application variables use resources on the server, and they cannot be used on completely load balanced Web Farms.


Set the value of a Session variable:

   'Store information in a session variable.
   Session("myInformation") = "somevalue"

Retrieve the value from the Session variable:

    'Retrieve the information stored in the session variable.
    myValue = Session("myInformation")


How do they work?

There are two types of cookies: in-memory cookies, and cookies that are stored to the client's disk. An in-memory cookie is one or more name-value pairs that are stored in the browser's memory until the browser is closed. A cookie that is stored to disk is a file on the client's computer that contains name-value pairs.

Cookies can be set and retrieved from both client-side and server-side code.


  • This method is easy to implement.
  • This method can be saved to disk for future use (disk-based cookie) by simply setting an expiration date on the cookie. This enables storage between browser sessions.


  • The client can manually modify cookies that are stored to disk.
  • This method requires clients to have cookies enabled in their Web browser.
  • Cookies cannot store objects.


Store information in a cookie:

   'Set a cookie value.
   Response.Cookies("myInformation") = "somevalue"
   'Expire the cookie to save it to disk. If this is omitted, the cookie
   'will be an in-memory cookie. In this case, the cookie is set to expire
   'in twenty days.
   Response.Cookies("myInformation").Expires = now() + 20

Retrieve the value from a cookie:

    'Retrieve the information that is stored.
    myValue = Request.Cookies("myInformation")

Hidden Form Fields

How do they work?

Every page needs a form with hidden form fields that contain the state information. Instead of linking and redirecting to pages, the form is submitted when a user browses to a different page.


  • This method does not require cookies.


  • It can be cumbersome to redirect and link to pages.
  • This method cannot store objects.


Store information in hidden fields:

<SCRIPT LANGUAGE=javascript>
  //Function that is used to submit the links:
  function browseToUrl(url){

  dim myInformation
  myInformation = "somevalue"  

<!-- This stores the value that is set above in the hidden form field. -->
<FORM id="form1" name="form1" action="" method="post">
<INPUT type="hidden" id="myInformation" name="myInformation" value="<%= myInformation%>">  

<!-- Navigation sample that uses this technique. -->
<INPUT type="button" value="p3.asp" id=button1 name=button1 onclick='goToUrl("p3.asp");'>

Retrieve the value from the hidden form field:

    'Retrieving the information that is stored.
    myValue = Request.Form("myInformation")


How does it work?

When you use the QueryString collection, the variables are stored in the URL as a name-value pair. For example:


NOTE: Name-value pairs are separated by an ampersand (&).


  • If the client bookmarks the page, the state will persist.


  • The full URL can only be 2083 bytes.
  • This method cannot store objects.
  • The URL is very long and hard to read.


Store information in the QueryString:

   'Function that assembles the QueryString:
   function AddToQueryString(qs, name, value)
     if qs="" then
       qs = name & "=" & value
       qs = qs & "&" & name & "=" & value
     end if
     addToQueryString = qs
   end function

   dim querystring

   'Store the first value.
   querystring = AddToQueryString(querystring, "firstvar", "firstvalue")
   'Store the second value.
   querystring = AddToQueryString(querystring, "secondvar", "secondvalue")

<a href="urlreceive.asp?<%=querystring%>">urlreceive.asp</a>

Retrieve the values from the QueryString:

    'Retrieve the information stored.
    myFirstValue = Request.QueryString("firstvar")
    mySecondValue = Request.QueryString("secondvar")

File and Database

How do they work?

You can implement this technique in many different ways. The following steps illustrate one way to implement the file and database storing of state:

  1. Generate an ID when the user first logs on or browses to a page within your application.
  2. Use any of the techniques in this article to store the ID.
  3. To store the values in a file, use the ID as the file name. To store the values in a database, use a combination of the ID and the name-value pair to identify the record.
  4. Optionally store a timestamp with the name-value pair in the database. For files, you can use the timestamp from the last revision.
  5. Write a service to perform cleanup (delete records and files) at certain intervals (for example, every 20 minutes or every night, based on how many users access the site). The service can use the timestamp to determine whether a record has expired.


  • The values are completely hidden from the user.
  • If you use a file share or a database, this can be used to simulate session variables on a Web Farm.
  • It does not require cookies.


  • It stores data on the server side.
  • It can be cumbersome to implement.
  • This method can be slow because database and file access is required to store and retrieve the values.


For more information, see the following articles on the Microsoft Developer Network (MSDN):

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

244465 How To Disable ASP Session State in Active Server Pages

178037 PRB: Session Variables Lost When ASP is Located in Frameset

For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:

Keywords: kbaspobj kbcodesnippet kbhowto kbscript KB175167