ADC Cure Security Software Solutions (Logo)
       Products       Samples      Download       Specs         Order       FAQs       Support      
 
 

Product Specifications
 

ISP Sesion component specs

  1. Time needed per ASP page to implement the Session replacement for existing ASP pages: 5 to 10 minutes. This is done by adding two lines of code to your existing ASP pages. Improve scalability instantly - just 'plug in' a new web server, copy your ASP app and run it (provided that your DNS configuration is OK).
  2. Get Asp.Net Session compatibility, that is, you can share classic Asp Sessions with Asp.Net sessions, or use a single method to exchange session states between these two systems.
    Note: ISP Session does not (yet) run as an in-memory Session provider for .NET, it basically overrides the 'Session' property on Page level
  3. Your dedicated web server would be happy using much less RAM because RAM is not needed anymore to store state. For very big commercial web sites more hardware money can be spent on the DBMS hardware and specs.
  4. Compatible as much as possible (by defining the same interface methods) with your existing C++ or Visual Basic code that accesses the specific ASP built in objects.
  5. Web sessions can be 're-entrant', by URL for instance. This is ideal for lists & settings that a user would like to save temporarily. The browser does not need to be kept open to re-enter.
  6. Configuration for the Custom Database Service is carried out once (per box) by a configuration applet.
  7. ISP Session is a stable & scalable product; many clients have reported huge uptimes and better scalability than before.
  8. Support for automatic zlib BLOB compression. This option can be disabled if you wish so. Compressing the binary data, greatly improves database storage need and improves database response times.
    However, if your Session storage requirements are relatively small (a few parameters or so) you can disable this feature.

Component specifics
Required Disk Space: Program Files 4.7MB.
Runtime dependencies: VC90.ATL and VC90.CRT (installed only by setup if not available)
Memory requirements: Service requires 1-2 MB RAM, the COM+ component is a single in-proc DLL (+/- 255KB)
Client support: Suited for server-side COM and .NET clients
Supported windows environments: COM+ 1.5 Windows 2003/Vista and 2008 R2.
IIS: 6.0, 7.0, 7.5.
32-bit and 64-bit Windows supported.
Data Storage technology used: binary harddisk storage & DCOM
Threading Model:Any Apartment (MTA)
Language used: MS VC++ 2010 and ATL 10.0

Technical specifications & compatibility issues:


Original method Supported Remarks
Sub Abandon() Yes  
Property Codepage As Long No The replacement cannot hook into vbscript to conform to a codepage. Use the @codepage directive instead.
Property Contents As VariantDictionary (readonly) yes Returns a reference to a dictionary containing all variables.
Property LCID As Long Not supported anymore This feature is dropped in version 5.4
Property SessionID() As String Yes Note that SessionID by default returns a 32 character hexadecimal string. If you set Application("HASH_SESSION_ID") = true, this function returs a unique numeric string (just as Microsoft's does).
Property Staticobjects As IVariantDictionary No There is no way to ask ASP whether it created objects using the <OBJECT> tag.
Property Timeout As Long Yes & better The MS Session maximum Timeout: 24 hours
ISP Session maximum Timeout: 67 years.
Property Value (default) Yes Indexer (default property).
Variable types:
Variants		 Nearly all subtypes like ADO and MsXml.DomDocument All types including nested arrays are supported, with the exception of Objects and UDTs. An object must be persistable. This applies to ADO and VB instances (with the persistable option switched on...).
Specify cookie domains/path/expiration Yes This is configured by setting (optional) ASP application variables 'AD_PATH', 'AD_DOMAIN' and 'CookieExpires'.
CookieExpires must not be set within global.asa but within the users Session scope
Sub Server.Transfer()
Sub Server.Execute()		 Partly You are strongly discouraged to use Session.Transfer or Session.Execute because of unnecessary resource usage. Better use a master-template without Session.
Try to avoid Transfer and Execute in high load demanding situations

Events Supported Remarks
Sub Session_OnStart() Yes Place this code in ISPSession.asp
Sub Session_OnEnd Yes Configure Session_OnEnd.wsf (Script) to be launched by windows scheduler or another scheduler. Have this command CScript.exe session_onend.wsf run each minute.
Important Do not schedule this script and our standard session garbage scheduler at the same time. Choose between one of these two garbage collectors.

Extra Features compared with classic ASP on IIS 6 and 7
default Session Interface members
Function SessionID2(Optional AsString =True) SessionID has an optional parameter to decide whether you want a binary or legible presentation.
Sample:
Response.Write "The current session ID is: " + Session.SessionID2
Sample 2:
Dim vBinKey
vBinKey = Session.SessionID2(False) ' get a binary representation in a byte array with 16 elements
Method EnsureURLCookie() Use this method in Session_OnStart (our replacement) to ensure a cookie in the URL when a browser hits an asp page on your website (eg http://www.yoursite.com/somepage.asp becomes http://www.yoursite.com/somepage.asp?GUID=[sessionid], when you use ISP Session to support cookieless sessions.
Use this method together with Session.URL() to format each href to an ASP page on your site.
Sub SessionToNet()
Deprecated: 		Synchronizes our ISP Session to the Asp(.Net) built in Session using Microsoft's built in interop.

During the pass of IIS Intrinsics to the COM+ component, something seems broken in the IIS environmment which we cannot workaround.
You can copy the session variables yourselves from ISP Session to a native session.
eg for VBScript this would be:
For X = 1 To ISPSession.Contents.Count
key = ISPSession.Contents.Key(x)
Session.Contents(key) = ISPSession.Contents(Key)
Next
Function URL(Byval sHREF As Variant) Builds a wrapped URL for you that contains our Session key. Handy to jump to another web server that has to 'take over' the session while this normally would not be possible if you use cookies. Note that you need to share the same DBMS to utilize this
Sample: VBScript syntax
Response.Write "<a href="""
Response.Write Session.URL("http://www.theworldxyz.com/continuehere.asp?p=1&blah=x")
Response.Write """>Jump over to xyz</a>"
Sub SessionFromNet() Synchronizes the Asp.Net built in Session using interop to our ISP Session. Basically, it goes through all Keys and copies them one by one.
Sample (C# syntax):
Session["ourkey"] = "Hello World";
ISPSession.SessionFromNet();
Response.Write(ISPSession["ourkey"]);
Sub Session_OnExpired (event called in your include ISPSession.asp) IIS 4 or 5 have no standard way to test whether a session is expired.
Property LiquidCookie As Boolean Protects the session against Session Hijacking & Replay attacks.
Property IsExpired As Boolean (readonly) Property: boolean. Returns true if the tried to continue a non-existing or expired session
Property IsNew As Boolean (readonly) Property: boolean. Returns true if the user just caused a session to be started
Property ReEntrance As Boolean Property: boolean. A user can re-enter the session (using email for instance) after the user closes the web browser.
This property is by default false and should be set to true if you want a user to resume or continue a session from a bookmark
Web server fault tolerant Even after recycling a web server, the session is not lost.
Function CreateInstance(bstrProgID As String) As Object To serialise persistable VB6 objects on the Session. Non- persistable objects cannot be placed in the session!
If Session.Contents.Exists("myObj") Then
   ' deserialize the VB6 object
   Set Obj = Session("myObj")
Else
   Set Obj = Session.CreateInstance("Proj1.Foo")
   'serialize now
   Set Session("myObj") = Obj
End If
Function LogonUser(varUserUPN, varPassword) As Boolean Logs a user on using Active Directory (Windows 2000 or higher). The ASP switches to the user's security context so your ASP page or COM+ request will run with that user's credentials. Ideal replacement for the 'Clear Text' Login on IIS in combination with SSL!
Property IsAuthenticated() As Boolean Returns true if the Session was authenticated using Session.LogonUser
Property AuthenticatedUser(NWC_TRUSTEE_FORMAT format) As String Returns the user named in specified format for the current executing ASP page.
Valid formats: 1 = NT4, 8 = UPN, 1 = FQDN, 6 =GUID.
Property Readonly() As Boolean Optimizes the current ASP page session object for read only state. You would use this function to minimize database locks to an absolute minimum.
Enabling this option will not disable synchronization. To disable session synchronization, enable client cursors using SETUP.exe.
If this option is enabled, the page will not update the latest visit time stamp. Session expiration is dependend on this latest visit-time.
Function LogOff() As Boolean Logs off the current user.
Property Statistics(Optional appKey) As NWCDictionary Retrieves the Statistics Dictionary which retrieves important session/application related data such as Current Sessions
Sample:
Set Stats = Session.Statistics

Response.Write Stats("SessionCount")

Technical data and other support:
One old web server running Windows 2008 R2(AMD 64 3000+) can easily handle 400 ASP + Session requests per second..
This benchmark shows only how settings and our products perform vs. each other. Therefore we use indexes as much as possible and no absolute numbers. It is not meant to benchmark Microsoft products. 
Compatibility with Asp.Net Add the following page directive to your .Aspx page:
AspCompat="true"
Note that ISP Session has no thread affinity so it causes the least possible context switches and does not need to utilize message pumps as VB6 components do. The aspcompat=true directive is needed only to have the DotNet runtime pass through the built in Asp.Net objects such as Application, Response, etc...
Download the C# aspx script that uses our replacement
Cookieless sessions This system can use a 'cookie' stored in the URL. The Session objects works exactly the same as cookies. The only drawback is that you'll have to wrap each ASP hyperlink with the Session.URL(yourpage) function.
Session Synchronization Page execution is synchronized (one session may not execute more than one page at the same time) per session per web farm using pessimistic locking (row based).
Number of variables per session:
Tested on a single PIII 600 (on current quad core systems, the limit is the sky, but the test gives you an idea).
 Theoretical limit: 32,767 variables. 
Practical limit in combination with script/automation: 2,000 variables.
Practical limit in combination with COM (vtable): 10,000 variables.
Maximum data size per session: Limited only by your DBMS write speed in combination with your network throughput.
Minimal OS requirements and Components: Windows XP Professional, Vista or Windows 2003 and 2008 R2. 64 bit or 32 bit editions.
Note: Windows 7 is only supported as a development server for ISP Session. It has a COM+ problem which limits scalability.
State compression: zlib, using deflate, up to 80%
DBMS Type: A custom database built upon the .NET 2.0 framework. It uses a binary protocol and runs as a windows service.
Scalability: Limited only by the number of web servers in combination with the speed of your storage on the Windows server, running the custom database server.
Session key transport methods:

a) Temporary cookies. These are not stored on the HD. They are safe since they can be set to 'secure' using SSL.
b) URL based session keys, but these entail the disadvantage that each URL built in your ASP must be wrapped using script with <%=Session.URL("yourpage.asp")%>
For instance, The result URL would be:
http://www.yourwebsite.com/mailer.asp?GUID=AF93AB848aBC

Use SSL to keep session keys safe from possible network traffic sniffers.

The VariantDictionary object is used by both the Application and the Session object. You cannot instance it directly, only by refering to the readonly Contents property for the Session and the Application objects (our replacements)
Interface members
Property Item(Byval varKey as Variant)
default property or indexer		 Sets/lets/gets items within the instance of the dictionary
Readonly Property Exists (Byval varKey As Variant) Returns true if the key tested for, exists
Readonly Property Count() As Long Returns the number of key/value entries with this dictionary
Readonly Property Key (Byval keyIndex As Variant) As Variant Returns a key value by literal.
Sub Remove(Byval varKey as Variant)(vKey) Removes specified key from the key/value dictionary
Sub RemoveAll() Removes all key/value entries from this dictionary
Readonly Property VarType(Byval varKey as Variant) As Integer Returns the variant data type for the value, accessed by specified key.
Very handy for optimization. For instance, instead of using...
If VarType(Session("myObject"))= vbObject Then...
 use:
If Session.Contents.VarType("myObject") = vbObject Then...
Readonly Property CaseSensitive() As Boolean If true, causes session key variables to be case sensitive. Sample:
Session.Contents.CaseSensitive = True

Session("blah") = "Hi"
Response.Write Session("Blah") ' returns empty

Updated: Thursday, May 12, 2011
 
 
 
 
Windows hosting verzorgd door ADC Cure.