The Session object helps identify the user for a longer period of time. Think of what happens when you log in into an Internet-based mail account. You have to input your username and password only once – this starts your session – and then you can read and send email for as long as you want. When you hit the "Log out" button, or you close the browser window, your session comes to and, and the application doesn't know who you are anymore.

In order to solve the identification issue, ASP creates a unique cookie for each user – a sort of passport, and we've seen how it's done. The Session object stores the information about the users. Each user has a different Session object, and the server destroys this object when the session expires. The values contained in the Session object can be accessed by all the pages of your ASP web site – otherwise the user would have to input the data on every page. The fact that all applications share the same cookies may raise some securities issue. Keep in mind that ASP offers some encryption options.

The Session object has two collections: Contents and StaticObjects.

In the Contents collection, you will find all the items appended to the session by a script command: Session.Contents (Key). The "Key" parameter, the name of the item to retrieve, is required. The StaticObjects collection contains all the items appended to the session with the HTML <object> tag.

The SessionID property returns the unique ID, generated by the server for each user. There is also a Timeout property, which sets or returns the timeout for the respective session, in minutes. The session will end after that number of minutes, unless the user refreshes the page, or requests a new page.

The Session object has a method called Abandon, which kills the user's session. When you use it, you'll see that it acts only after it executed the entire script on the respective page. There is also a method called Contents.Remove, which deletes items from the Contents. You can indicate the items to be deleted by their names or by their indexes.

The Session object has two events: Session_OnStart and Session_onEnd – which occur, of course, when a session is created and when a session ends (no matter the reason why it is brought to an end). Both of the events are placed in the Global.asa file. The Global.asa file is optional. The objects, methods and variables you declare in the Global.asa file are accessed by every page of your ASP application – so, if you have objects you need to use on every page, this is a great way of saving some time and many keystrokes. You can have only one Global.asa file for an application, and you must store it in the root directory of your application, or else the pages won't know where to look for it. You don't use <% %> in the Global.asa file – instead, you will have to place everything in the HTML <script> </script> tag. If you need to create new objects, you can do so here, using the <object> </object> tag.