XMLHTTP ActiveX objects offer alternative to accessing ASP session variables

Instead of using cookies or hidden input boxes, you can use XMLHTTP objects to access client-side ASP variables. We'll show you how to create the object, set its properties, and invoke the send method.

Several months ago. a coworker came to me with what he said was a client-side JavaScript problem. I had to explain to my coworker that Active Server Pages (ASP) session variables could not be accessed from the client side unless they were passed in cookies or hidden input boxes. However, I continued to hunt for a better way to access ASP session variables from the client side.

Recently, while researching how to get information from the server without unloading and reloading the page, I read about the XMLHTTP ActiveX object. Essentially, this object provides a way for Internet Explorer to communicate with the Web server and receive a response. It is part of the MSXML dynamic load library, which is currently at version 4 and is available as a free download from Microsoft. It is also important to note that the default version of MSXML for Microsoft Internet Explorer 5.x is version 2.

XMLHTTP basics
You can use the XMLHTTP objects to execute an ASP on the server, wait for the server’s response, and then act upon the response. This means that with one JavaScript function and a single dedicated Active Server Page, it is possible to solve the problem of accessing a variable from the client side. Need the value of a session variable on the client side? No problem. All you have to do is call a little function.

Implementing XMLHTTP objects
Whenever I start trying to implement a concept or feature I've never tried before, I usually find it easier to break the problem into logical pieces. In this case, I started with the server-side piece and client-side pieces. With this in mind, the server-side Active Server Page, which I’ll call test.asp, looks something like this:
<%@ Language=VBScript %>
Response.Write Session(Request.QueryString("variable"))


The purpose of this server-side snippet is to return the value for any ASP session variable associated with the key in the query string.

Because the request originates from the client and an object is being used, the client-side portion is more elaborate. It is necessary to create the XMLHTTP object, set the object’s properties, invoke the object’s send method, and act upon the information returned by the object. Listing A shows the JavaScript to perform these tasks.

The next step
To further examine the possibilities of XMLHTTP, however, it is necessary to take a step backward because of a limitation in the URL used to convey the query string information from the client to the server. URLs are limited to a maximum of 2,048 bytes. This 2-KB maximum also includes the nonquery string portion of the URL. To go further, it is necessary to find a better way to pass information from the client to the server.

It took me a only about 20 minutes to come to a decision on how I would pass information from the client to the server. I decided to use HTTP. Before you decide that my mind has wandered and has yet to return, let me explain. I would pass the information in the HTTP header. By passing it in the header, it is possible to avoid the 2,048-byte limitation that is inherent in using the URL to pass information.

With this in mind, it is now necessary to modify the examples to pass information via the URL. On the client side, instead of adding a parameter to the URL of test.asp, the XMLHTTP object’s setHeader method would pass the parameter. Applying this modification produces the client-side routine shown in Listing B.

On the server side, it is necessary to retrieve the session variable name from the HTTP header instead of the request object’s query string. The result is:
<%@ Language=VBScript %>
       Response.Write Session(Request.ServerVariables("HTTP_test"))

Way beyond the basics
The name of the object I’ve described here is XMLHTTP. Note the first three letters of the object’s name: XML. You’ve seen here how to pass information between the client and the server, but the intended purpose of the XMLHTTP object is to allow the passing of information between the client and the server as XML. In a future article, I’ll explain how to use the XML Simple Object Access Protocol (SOAP) to exchange more complex information.

Editor's Picks