<% ' {{{ Header '/* '* -File tzsessions.asp '* -License LGPL (http://www.gnu.org/copyleft/lesser.html) '* -Copyright 2002, Charlie Killian '* -Author Charlie Killian, charlie@tizac.com '* -Version 1.0 '* -Notes Check http://tizac.com/ for the latest version of this file. '*/ ' }}} ' {{{ Functions '/** '* These functions maintain state through the use of flat files and unique ids. '* No cookies are used. '* No database is used. '* '* Only strings can be saved in the session. No Arrays or Objects. '* '* To maintain state the unique session id, TzId, needs to be passed from '* page to page (either in the GET or POST). '* '* The global Dictionary object, TzSession, is the repository for the session '* variables. Add, remove and access the session variables in TzSession using '* the standard Dictionary object methods and properties. '* '* Example: '* TzStartSession() '* TzSession("count") = TzSession("count") + 1 '* Response.Write(TzSession("count")) '* Response.Write("<a href=""" & Request.ServerVariables("SCRIPT_NAME") _ '* & "?TzId=" & TzId & """>Increase Count</a>") '* TzWriteSession() '* '* In a html form pass the TzId in a hidden input field: '* Response.Write("<input type=""hidden"" name=""TzId"" value="&TzId&">") '* '* WARNING: Using these routines to store sensitive data is not secure. Anyone '* with access to the server can read the session files. (The session files are '* stored in c:\temp or a similar system temporary folder.) '* '*/ ' {{{ Globals const conForReading = 1 ' FileSystemObject constant. const conForWriting = 2 ' FileSystemObject constant. const conTzIdLength = 9 ' Number of unique characters in id. const conTzIdPrefix = "TZ" ' Add to front of unique id string. const conTzSessionTimeOut = 20 ' Minutes const conTzGarbageCollectionPct = 10 ' Percent. 10 means 10 calls out of every ' 100 to TzSessionStart() checks the ' strTzTempDir for old session files. dim TzId ' As int. An unique integer session id. dim TzSession ' As Dictionary. dim strTzTempDir ' As string. Holds the path of the temp directory. dim objTzFileSys ' As FileSystemObject. Holds the file system object. dim strTzFilePath ' As string. Holds the path to session file. dim blnTzSession ' As boolean. blnTzSession = FALSE ' Set to true in TzStartSession() ' }}} ' {{{ TzStartSession() '/** '* Starts file based session by checking Request for a TzId. If it '* exists then try to load saved session data. If it doesn't exist assign '* a new TzId. Also, creates a new TzSession and assigns all of the path '* variables needed in the other functions. '* '* @access public '* @return void '* @author Charlie Killian, charlie@tizac.com '*/ sub TzStartSession ' Collect garbage? randomize() if int((100 * rnd() + 1)) <= conTzGarbageCollectionPct then TzCollectGarbage() end if 'Create a TzSession dictionary object. set TzSession = createobject("Scripting.Dictionary") ' Create the FileSystemObject. set objTzFileSys = createobject("Scripting.FileSystemObject") ' Locate the temp directory. set strTzTempDir = objTzFileSys.GetSpecialFolder(2) ' Assign the id. TzId = Request("TzId") 'Check for TzId in request. if TzId = "" then 'No TzId in Request. Create a new id and assign. TzId = TzUniqueId(conTzIdLength, conTzIdPrefix) ' Assign the file name and path to the session file. strTzFilePath = strTzTempDir & "\" & TzId else dim objTextStream dim strKey, strValue strTzFilePath = strTzTempDir & "\" & TzId ' Check for file. if objTzFileSys.FileExists(strTzFilePath) then ' Check for a good session. if not TzHasExpired(objTzFileSys.GetFile(strTzFilePath)) then ' Get file. set objTextStream = objTzFileSys.OpenTextFile(strTzFilePath, conForReading) 'Read file. do until objTextStream.AtEndOfStream strKey = objTextStream.Readline strValue = objTextStream.Readline ' Assign the values to the TzSession Dictionary object. TzSession(strKey) = strValue loop 'Close objTextStream.Close() end if end if end if blnTzSession = TRUE end sub ' }}} ' {{{ TzWriteSession() '/** '* Write the session information to the session file. '* '* @access public '* @return void '* @author Charlie Killian, charlie@tizac.com '*/ sub TzWriteSession dim aryItems dim i ' Check for session_start. if not blnTzSession then ' Exiting!!! Error or warning should go here. exit sub end if ' Open text file. set objTextStream = objTzFileSys.OpenTextFile(strTzFilePath, conForWriting, TRUE) ' Write file. aryItems = TzSession.Keys() for i = 0 to TzSession.Count - 1 objTextStream.WriteLine(aryItems(i)) objTextStream.WriteLine(TzSession.Item(aryItems(i))) next objTextStream.Close() set objTextStream = nothing end sub ' }}} ' {{{ TzUniqueId() '/** '* Generate a unique id. '* '* @param objCollection. Collection. Collection object to iterate over. '* @access public '* @return void '* @author Charlie Killian, charlie@tizac.com '*/ function TzUniqueId(strLength, strPrefix) strPool = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" strPool = strPool & "abcdefghijklmnopqrstuvwxyz" strPool = strPool & "0123456789" randomize() strUniq = strPrefix strPoolLen = Len(strPool) for index = 1 to strLength strUniq = strUniq & mid(strPool, int(strPoolLen * rnd() + 1), 1) next TzUniqueId = strUniq end function ' }}} ' {{{ TzCollectGarbage() '/** '* This function checks all of the session file times and deletes the '* the session files older then the allowed time. '* '* @access public '* @return void '* @author Charlie Killian, charlie@tizac.com '*/ sub TzCollectGarbage() ' Check for session_start. if not blnTzSession then ' Exiting!!! Error or warning should go here. exit sub end if if objTzFileSys.FolderExists(strTzTempDir) then ' Get a list of all the files in the strTzTempDir directory. dim objFolder, objFiles set objFolder = objTzFileSys.GetFolder(strTzTempDir) ' Delete the file if it's a TzSession file has expired. for each file in objFolder.Files if instr(file, conTzIdPrefix) then if TzHasExpired(file) then file.Delete() end if end if next set objFolder = nothing end if end sub ' }}} ' {{{ TzHasExpired() '/** '* This function checks a session File to see if it has expired. '* It compares the conTzSessionTimeOut constant with the DateLastAccessed. '* '* @param objFile File. The File to check. '* '* @access public '* @return boolean '* @author Charlie Killian, charlie@tizac.com '*/ function TzHasExpired(objFile) if datediff("N", objFile.DateLastAccessed, now) > conTzSessionTimeOut then TzHasExpired = True else TzHasExpired = False end if end function ' }}} ' {{{ TzDumpDictionary() '/** '* A utility function that writes out the contents of a Dictionary. '* '* @param objDict Dictionary. The Dictionary object to dump. '* '* @access public '* @return void '* @author Charlie Killian, charlie@tizac.com '*/ sub TzDumpDictionary(objDict) dim aryItems dim intCount intCount = objDict.Count Response.Write("<br>There are " & intCount & " items in the Dictionary.<br>") aryItems = objDict.Keys() for i = 0 to intCount - 1 Response.Write(aryItems(i) & " = " & objDict.Item(aryItems(i)) & "<br>") next end sub ' }}} ' }}} %>