会话总是被清除吗? [英] Is Session Always Cleared?
问题描述
问候,
我想知道这里是否有人对会话
对象有很好的理解。我知道有一些选项,比如Session.Abandon方法和
regenerateExpiredSessionId设置,虽然我不明白它们是什么。
。
任何人都可以告诉我,回收会话是否仍然可以包含旧数据?
旧数据?我有几个报告,用户说他们登录了
并看到了另一个用户的数据。在这个网站上,有几个案例
我使用Session对象来跟踪当前用户的信息。
感谢任何提示或链接。
Jonathan
Greetings,
I was wondering if anyone here has a good understaning of the Session
object. I know there are options like the Session.Abandon method and the
regenerateExpiredSessionId setting, although I do not understand what they
do.
Can anyone tell me if it''s possible for a recycled session to still contain
the old data? I had a couple of reports that where users said they logged on
and saw another user''s data. On this site, there were a couple of cases
where I used the Session object to track information about the current user.
Thanks for any tips or links.
Jonathan
推荐答案
Jonathan Wood写道:
Jonathan Wood wrote:
问候,
我想知道这里是否有人对会话
对象有很好的理解。我知道有一些选项,比如Session.Abandon方法和
regenerateExpiredSessionId设置,虽然我不明白
他们做了什么。
任何人都可以告诉我,如果再循环会话仍然可能包含旧数据吗?我有几个报告,用户说他们登录并看到了另一个用户的数据。在这个网站上,有一些
的情况,我使用Session对象来跟踪关于当前用户的信息
。
感谢您的任何提示或链接。
Jonathan
Greetings,
I was wondering if anyone here has a good understaning of the Session
object. I know there are options like the Session.Abandon method and the
regenerateExpiredSessionId setting, although I do not understand what
they do.
Can anyone tell me if it''s possible for a recycled session to still
contain the old data? I had a couple of reports that where users said
they logged on and saw another user''s data. On this site, there were a
couple of cases where I used the Session object to track information
about the current user.
Thanks for any tips or links.
Jonathan
会话ID存储在浏览器的cookie中,与服务器上现有的Session对象匹配
。
如果一个Session对象超时,它就会永远消失。如果重用过期的
会话ID,则会为其创建一个新的空Session对象。
会话ID可能被欺骗,但这很难你的
用户正在做什么,所以Session对象很可能不是原因
为什么有些用户可以看到其他一些用户数据。
您是否在应用程序中使用任何静态变量?
-
G?ran Andersson
_____
http://www.guffa.com
" G?ran Andersson" < gu *** @ guffa.com写信息
新闻:%2 *************** @ TK2MSFTNGP06.phx.gbl ...
"G?ran Andersson" <gu***@guffa.comwrote in message
news:%2***************@TK2MSFTNGP06.phx.gbl...
会话ID存储在浏览器的cookie中,与服务器上现有的Session对象匹配
。
如果一个Session对象超时,那就永远消失了。如果重用过期的
会话ID,则会为其创建一个新的空Session对象。
会话ID可能被欺骗,但这很难您的用户
正在做什么,因此Session对象很可能不是某些用户可以看到其他用户数据的原因。
The session id is stored in a cookie in the browser, and is matched
against the existing Session objects on the server.
If a Session object has timed out, it''s gone forever. If an expired
session id is reused, a new empty Session object is created for it.
A session id could possible be spoofed, but that is hardly what your users
are doing, so the Session objects are most likely not the reason why some
user could see some other users data.
是的,没有人试图破解该网站。所以,就你而言,
一个会话永远不会看到另一个用户使用的会话数据?
Yeah, no one is trying to hack the site. So, as far as you are concerned,
one session would never see the Session data used by another user?
你使用的是应用程序中的静态变量?
Are you using any static variables in your application?
不,我将任何持久数据存储在Session对象或数据库中。这是我创建的第一个大型网站(虽然我已经为许多人编程了很多,但是b
)。我现在准备详细检查我的代码了,但说实话,我不知道这可能是什么。
请注意通常情况下,网站的工作方式与预期一致。
谢谢。
Jonathan
No, I store any persisting data in the Session object or the database. It''s
the first big site I created (although I''ve been programming for many, many
years). I''m now prepared to review my code in detail but, to be honest, I
really have no idea what this could be.
Note that, normally, the site works exactly as expected.
Thanks.
Jonathan
你的问题不是会话。你更有可能遇到缓存问题,一个单独的b单身,静态变量或用户正在使用同一台计算机。
也许你有一些存储在应用程序中的东西,或者你已经尝试了一些全局对象的形式。会话,用作挂起会话数据的地方,
不是问题。
-
Gregory A. Beamer
MVP,MCP:+ I,SE,SD,DBA
订阅我的博客
http://feeds.feedburner.com/GregoryBeamer#
或者只是阅读:
http://feeds.feedburner.com/GregoryBeamer
************************************** ******
|创造性思考! |
***************************************** ***
" Jonathan Wood" < jw *** @ softcircuits.com写信息
新闻:Ol ************** @ TK2MSFTNGP02.phx.gbl ...
Your problem is not session. It is more likely you have a cache issue, a
singleton, static variables or the users are using the same computer.
Perhaps you have something stored in application, or you have tried some
form of global object. The session, used as a place to hang session data, is
not a problem.
--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA
Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#
or just read it:
http://feeds.feedburner.com/GregoryBeamer
********************************************
| Think outside the box! |
********************************************
"Jonathan Wood" <jw***@softcircuits.comwrote in message
news:Ol**************@TK2MSFTNGP02.phx.gbl...
问候,
我想知道这里是否有人对会话
对象有很好的理解。我知道有一些选项,比如Session.Abandon方法和
regenerateExpiredSessionId设置,虽然我不明白它们是什么。
。
任何人都可以告诉我,如果再循环会话仍然可能包含旧数据吗?我有几个报告,用户说他们已经登录并查看了另一个用户的数据。在这个网站上,有几个
的案例,我使用Session对象来跟踪有关
当前用户的信息。
感谢您的任何提示或链接。
Jonathan
Greetings,
I was wondering if anyone here has a good understaning of the Session
object. I know there are options like the Session.Abandon method and the
regenerateExpiredSessionId setting, although I do not understand what they
do.
Can anyone tell me if it''s possible for a recycled session to still
contain the old data? I had a couple of reports that where users said they
logged on and saw another user''s data. On this site, there were a couple
of cases where I used the Session object to track information about the
current user.
Thanks for any tips or links.
Jonathan
这篇关于会话总是被清除吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
