How to set session value to store as a querystring?


Question





I know that basically the session ID is stored in a cookie on the client machine. I would like to know how we can pass the sessionId to the server via the querystring to avoid some security reason (don't store anything on the client machine even if that is a session ID). Like in some websites for banking, we can see a long querystring which the user cannot understand and decode.

Recommended answer




You should use Session instead of cookies or query string. Session is stored on the server side and is more secure than both.
You can define it in this manner:

Session["UserID"]="123";
//whatever you like to store

You can use it in this way:

int sessionID = Convert.ToInt32(Session["UserID"]);
string sessionID1 = Convert.ToString(Session["UserID"]);


Basically, from your question as well as the comments, it seems you are trying to use Cookieless Session. In this case, the SessionID will be added in the URL itself. But it's vulnerable to Session Hijack.

Refer:

http://msdn.microsoft.com/en-us/library/aa479314.aspx

Try these to make it secure:

http://security.stackexchange.com/questions/17719/what-risks-do-cookieless-sessions-have-what-are-the-mitigations
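Because a cookieless session ID travels in the URL, it ends up in server logs, and the same logs can be used to spot an ID being replayed from a second client. The following is an added example, not code from the original answers; the request tuples are constructed sample data and the function names are hypothetical.

```python
import re
from collections import defaultdict

# ASP.NET cookieless sessions embed the ID in the path: /(S(<id>))/page.aspx
COOKIELESS_ID = re.compile(r"/\(S\(([a-z0-9]+)\)\)/", re.IGNORECASE)

# Constructed sample requests: (client IP, user agent, requested URL)
SAMPLE_REQUESTS = [
    ("203.0.113.10", "Mozilla/5.0 (Windows NT 10.0)",
     "/(S(lit3py55t21z5v55vlm25s55))/Account.aspx"),
    ("203.0.113.10", "Mozilla/5.0 (Windows NT 10.0)",
     "/(S(lit3py55t21z5v55vlm25s55))/Transfer.aspx"),
    ("198.51.100.7", "curl/8.0",
     "/(S(lit3py55t21z5v55vlm25s55))/Transfer.aspx"),
    ("192.0.2.44", "Mozilla/5.0 (X11; Linux)",
     "/(S(a1b2c3d4e5f6a7b8c9d0e1f2))/Default.aspx"),
    ("192.0.2.44", "Mozilla/5.0 (X11; Linux)", "/Default.aspx"),
]


def extract_session_id(url):
    """Return the cookieless session ID embedded in a URL path, or None."""
    match = COOKIELESS_ID.search(url)
    return match.group(1).lower() if match else None


def find_shared_sessions(requests):
    """Map each session ID to its clients when more than one client used it."""
    clients_by_sid = defaultdict(set)
    for ip, agent, url in requests:
        sid = extract_session_id(url)
        if sid is not None:
            clients_by_sid[sid].add((ip, agent))
    # A session presented by several (IP, user agent) pairs is worth review.
    return {sid: sorted(clients)
            for sid, clients in clients_by_sid.items() if len(clients) > 1}


if __name__ == "__main__":
    for sid, clients in find_shared_sessions(SAMPLE_REQUESTS).items():
        print(f"session {sid[:6]}... seen from {len(clients)} clients:")
        for ip, agent in clients:
            print(f"  {ip}  {agent}")
```

A client whose IP address changes mid-session (for example on a mobile network) will also be flagged, so treat a hit as a lead for review rather than proof of hijacking.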

