We've seen in several places how ASP creates or modifies the HTTP headers that are sent to the client in response to page requests. There are several properties and methods in the Response object that can help us do this. Here are some header methods:
· Control caching and expiration.
· Create status and customized HTTP headers.
· Specify the MIME type or content type.
· Add PICS tags.
Each of these aspects will be briefly examined next. You can check the properties and methods we are talking about by clicking on the relevant property name or method name on the "Response Object" home page (show_response.asp).
1. Caching and "Expiring" ASP Web Pages
Users' browsers, as well as any proxy server between them and the server, can cache HTML and web pages created with ASP. When the user subsequently requests the page, the browser sends a "last modified" request to the server (using an HTTP_IF_MODIFIED_SINCE header containing the date of the cached version) to ask whether the page has been modified.
If it has not been modified, the server should respond with a status code and message "304 Not Modified" and the browser will use the cached content without downloading a copy over the network. If a modified version already exists, it will be sent along with the "200 OK" status code and message.
1) Response.CacheContol attribute
Other factors will also affect this processing process. However, any proxy server within the network route used by the web page (usually located on the client side) can be stopped from caching the web page by setting the Response.CacheControl property to Private. In ASP 3.0, this is the default for ASP web pages and does not need to be set. But it is especially useful when a web page is specifically customized for individual visitors. This prevents other users on the same network from accessing the same page. When the CacheControl attribute value is set to Public, the server is allowed to cache web pages. Note that some proxy servers may behave differently and ignore or bypass this header.
In IE4, it is possible to get a spurious "This page has expired" message when proxy server caching is available. We have provided a web page (expiretest_form.asp) that can be tested on the network through your own proxy server to check the impact of this attribute. This page can be displayed by clicking the "Response. CacheControl" link on the "Response Object" home page. As shown in the figure below:
When this page is submitted to the expiretest_result.asp web page, the Response.CacheControl property can be set, and then the value and the time when the script is executed are inserted into the web page:
<%
If Request.Form(“public”) = “on” Then 'Cache-Control check box was ticked
Response.CacheControl = "Public"
Else
Response.CacheControl = "Private"
End If
%>
<HTML>
...
Cache-Control is: <B><% = Response.CacheControl %></B><P>
Value in text box is: <B><% Response.Write Request.Form(“textbox”) %>
<%
Response.Write Right(“0” & Hour(Now),2) & “:” & Right(“0” & Minute(Now),_
& 2) & “:” & Right(“0” & Second(Now),2)
%></B>
By clicking "Back" and "Forward" on the browser, you can see whether the code executes automatically or uses a cached copy.
2) Response.Expires and Response.ExpiresAbsolute properties
The two properties that control the storage time of cached web pages are the Expires and ExpriesAbsolute properties of the Response object. Response.Expires defines the length of time, expressed in minutes since creation, that a page should remain valid before being discarded from the cache. The ExpiresAbsolute attribute sets an absolute date and time for expiration.
We provide a sample web page named addheaders_form.asp to demonstrate how to use these attributes. Click the link for both properties in the Response Object home page.
In the resulting page, you can add your own customized HTTP headers and set various attributes of the HTTP headers that affect the response. When the "Submit Query Content" button is clicked, the page show_headers.asp adds the selected headers to the returned data stream and then displays the code used to accomplish this, displaying the corresponding execution time, which can be used to check whether the page was The cache is still executed again.
The code in the show_headers.asp web page creates and adds HTTP headers. The procedure is as follows:
<%
'Write HTTP headers before any other output
If Request.Form(“expires”) = “on” Then _
Response.Expires = Request.Form("expires_value")
If Request.Form(“expiresabs”) = “on” Then _
Response.ExpiresAbsolute = Request.Form("expiresabs_value")
If Request.Form("lastmod") = "on" Then _
Response.AddHeader “LAST-MODIFIED”, Cstr(Request.Form(“lastmod_value”))
If Request.Form(“pragma”) = “on” Then _
Response.AddHeader “PRAGMA”, CStr(Request.Form(“pragma_value”))
If Request.Form("refresh") = "on" Then _
Response.AddHeader “REFRESH”, CStr(Request.Form(“refresh_value”))
If Request.Form(“addheader”) = “on” And Len(Request.Form(“addheader_name”)) Then _
Response.AddHeader CStr(Request.Form(“addheader_name”)), _
CStr(Request.Form(“addheader_value”))
If Request.Form("status") = "on" Then _
Response.Status = Request.Form("status_value")
%>
<HTML>
...
...Show code and execution time
...
the rest just shows the code that has been executed and when it was executed. Readers will notice the custom header "PRAGMA" included in the web page (which we haven't discussed so far). Some (former) proxy servers use this as an indication of whether web disks should be cached. The default is for pages to be cached unless the HTTP header "PRAGMA=NO-CACHE" is received.
2. Create status codes and customized HTTP headers.
You can use the AddHeader method of the Response object that you saw earlier in the example web page to create your own status codes or customized headers that you like. This method requires two parameters: the HTTP header name or a string containing its value or the value assigned to it. As an example, the following code adds a REFRESH header to the page:
Response.AddHeader "REFRESH", "60;URL=newpath/newpage.asp"
This is equivalent to the client-side <META> element:
<META HTTP-EQUIV=" REFRESH", "60;URL=newpath/newpage.asp">
In other words, you can also use the AddHeader method with the Status attribute to make the browser load a new page:
Response.Status = "302 Object Moved"
Response.Addheader “Location”, “newpath/newpage.asp”
This is equivalent to using the Response.Redirect method:
Response.Redirect “newpath/newpage.asp”
The Response.Status property can be used to send some required status messages, for example Add the following lines:
Response.Status= “401 Unauthorized”
Response.Addheader “WWW-Authenticate”, “BASIC”
forces the browser to display a username/password dialog and then send them back to the server using BASIC authentication (which will be covered in this article See verification methods later in the series).
3. MIME type and content type
When we want to send a dynamically created string to the browser, and they do not directly indicate the content type when they are provided to the browser, but provide an extension indicating whether it is a disk file, Response. ContentType is very useful. Unless otherwise specified, all web pages created by ASP default to "text/type". The identifier of the content type is the MIME type (MIME stands for Multi-purpose Internet Multimedia Extension or Multi-pupose Internet Mail Extension, usually depending on the context).
For example, if the data annotation sent to the client is an image created by reading binary values from a database, you need to add the appropriate CONTENT-TYPE header before sending any content:
Response.ContentType = "image/jpeg"
If you create an image from a database For XML files, use the MIEM type "text/xml"; and if you are creating a text file that can be displayed in a file editor or stored as a disk file on the client, use "text/text".
4. Adding a PICS tag
The Respnse.Pics property simply adds a PICS (Platform for Internet Content system) tag to the page in the same way as the usual <META> tag:
QUOT = Chr(34)
StrPicsLabel = “(PICS-1.0” & QUOT & “http://www.rsac.org/ratingsv01.html”_
& QUOT & “ 1 gen true comment “ & QUOT _
& “RSACi North America Server” & QUOT & “ for “ & QUOT _
& “http://yoursite.com” & QUOT & “ on “ & QUOT _
& “1999.08.01T03:04-0500” & QUOT & “ r (n 0 s 0 v 2 l 3))”
Response.Pics(strPicsLabel)
This code adds the following PICS label:
(PICS-1.0 “http://www.rsac.org/ratingsv01.html” 1 gen true comment “RSACi
North America Server” for “http://yoursite.com” on “1999.08.01T03:04-0500”
r (n 0 s 0 v 2 l 3))
To get more information about PICS, or to learn more about the way to define page content, please search the http://www.rsac.org/ site.
Defining headers in Internet Service Manager
In the first part of this series of articles, it has been explained how to set the properties of each web site and IIS 5.0 directory in the Internet Service Manage (MMC plug-in) application, which defines the use of this site or Directory resources are sent to the client in the HTTP headers of all requests, providing an alternative to setting these properties using ASP script code in each web page.
Right-click on the Web site or directory and select "Properties". In the "HTTP Headers" tab of its dialog box, you can set the relative time or absolute date for the validity period of the page content, define customized headers, and create PICS content level labels. , content types can also be defined through MIME type mapping.
You can see that a custom REFRESH HTTP header has been created and applied to all web pages loaded from this directory. That is, it automatically reloads (refreshes) every minute (ideal for showing the latest scores from baseball games, but too heavy a load on the server).
To add custom content type mappings in the "MIME Map" box, simply click the "File Types" button in the main "Properties" dialog box to add them to the list.
When you start experimenting with HTTP headers, you'll quickly discover that not all browsers behave the same, and many browsers respond to different HTTP headers in different ways, making it sometimes extremely difficult to reliably establish a generally applicable principle.
2. Use client certificates
If you set up a secure Web site or a site with a secure portion of its content, you can install a digital server certificate to authenticate the server by allowing visitors to use the encrypted details in the certificate. With each page request to the site or directory, the server sends a copy of the certificate, which the browser can examine to determine who it is talking to.
Similarly, the server can also be set up to require users to provide a valid digital certificate when entering the website. They can obtain this certificate from many sources, such as Verisign ( http://www.verisign.com ) or Thawte Consulting ( http://www.thawte.com ). The reader will see the details of this process in Chapter 25.
These situations all use the values of the ClientCertificate collection of the Request object. The example code in this chapter has included a page that shows how users use some of the methods of these collection values.
This page is named showcert.asp, and all it does is iterate through the ClientCertificate collection and display all the values it contains. It can be done using the same simple code you've always used before, the only difference being to build an HTML table to hold the results and truncate them into groups of 60 characters.
<TABEL CELLPADDING=0 CELLSPACING=0>
<%
For Each keyItem In Request.ClientCertificate()
StrItemValue = Request.ClientCertificate(keyItem)
If Len(strItemValue) > 90 Then strItemValue = Left(strItemValue, 60) & “..etc.”
Response.Write “<TR><TD>” & keyItem & “ = “ & strItemValue & “</TD></TR>”
Next
%>
</TABLE>
Using Client Certificate Redirection
Once all visitors to a site or part of a site are asked to give their client certificate, the information it contains can be used to craft the web pages we create for that user. For example, you can use the Organization entry of their certificate to automatically redirect them to a specific part of the site and redirect other visitors elsewhere:
If Request.ClientCertificate("SubjectO") = "Wrox Press Inc" Then
Response.Redirect "/wrox_staff/default.asp" 'Wrox staff site
Else
Response.Redirect "/public/Default.asp" 'Normal public site
End If
Accordingly, the Country entry can be used to redirect the visitor to a corresponding website:
Select Case Request.ClientCertificate("SubjectC")
Case “UK”: Response.Redirect “http://uk_site.co.uk/”
Case “DE”: Response.Redirect “http://de_site.co.de/”
Case “FR”: Response.Redirect “http://fr_site.co.fr/”
'... ect.
Case Else: Response.Redirect “http://us_site.com/”
End Select
3. Reading and writing binary data
There are two methods that provide binary data access to the HTTP data stream sent from the browser to the server and the data stream returned from the server to the browser. The Request.BinaryRead method can get a parameter that specifies the number of bytes to be read, and returns an array of variant type that contains the bytes obtained from the requested POST segment (such as data in the ASP's Form collection). The following program reads the first 64 bytes of data:
varContent = Request.BinaryRead(64)
If you use the BinaryRead method, you will not be able to access ASP's Request.Form collection in the future. Likewise, once we reference the Request.Form collection in any way, we cannot use the BinaryRead method.
It is also possible to write binary data into the response stream created by ASP, using the BinaryWrite method. You need to provide it with a variant array of the bytes you want to write to the client:
Response.BinaryWrite(varContent)
These methods are rarely used unless you create a non-HTML source from a database. An example of use is to read the bytes that make up the image from the database and send it to the client using the BinaryWrite method.
4. Create a custom log message
If the server is set up to log requests to a text file in the W3C Extended Log File Format, you can use the Response.AppendToLog method to add a message string to the end of the log file entry. This method is very useful if you want to store some values or messages for a specific web page, or when a specific situation occurs in the script.
For example, through an intranet's "stationary order" application, you can record the department numbers of employees who exceed a specific number of entries:
...
If intItemCount > 25 Then
Response.AppendToLog "Large order from '" & strDept & department."
End If
...
setting up extended logging
To use the AppendToLog method, the W3C Extended Log File Format logging setting must be activated. The setting method is to enter the Web Site tab in the Properties dialog box, select the Enable Logging check box, select W3C Extended Log File Format and click the Properties button, as shown in the following figure:
In the Extended Logging Properties dialog box that appears, You can select the entries you want to include in the log file. Make sure URI Stem is checked, otherwise the AppendToLog method will fail.
We have provided a simple example page that attempts to write an entry in the log file, which can be opened from the AppendToLog method link in the Request Object home page (show_request.asp). All this page does is create a simple string containing the current date and time, and then execute the AppendToLog method:
strToAppend = “Page executed on ” & Now
Response.AppendToLog strToAppend
Summary
This article has begun the study of ASP 3.0, and we have also seen how ASP 3.0 works together with Internet Informateion Server 5.0 to provide an easy-to-use, efficient method of creating dynamic Web pages and Web applications. . Of course, there are still some places that need to be studied. This chapter just learned the two most basic objects built into ASP.
The two most basic objects are the Request and Response objects, which allow us to access and use values as part of a client/server session, which occurs whenever a user requests and loads a page or resource from a Web site. , meaning that the Request object can provide access to all the content requested by the user, while the Response object allows the creation and modification of the response sent back by the server.
These objects expose various parts of the session through collections and properties, and provide multiple methods for retrieving and modifying individual segments. If you think of them as tools for breaking down a user's request and creating a response with the appropriate content, it can help you understand what's going on. It will also help to understand how various methods affect the client, the server, and the web page being created.