哪一个更好，是InProc或SQL Server，在asp.net会话状态模式？ [英] Which one is better, InProc or SQL Server, for Session State mode in asp.net?

问题描述

我开发一个ASP.NET网站。我想知道哪一个是在会话状态模式更好：是InProc或SQL Server？我需要听到你对这个问题的经验。

I am developing an ASP.NET website. I want to know which one is better in session state mode: InProc or SQL Server? I need to hear about your experiences on this issue.

另外一个问题是关于Cookie的属性。是否有任何安全漏洞在我的地盘，如果我将它设置为真？在所有我在MSDN现场看到样品，该属性设置为false。

Another question is about cookieless attribute. Is there any security hole in my site if I set it to true? In all the samples I saw in MSDN site, this attribute was set to false.

和最后一个问题是关于超时属性。这是否影响属性我一生的会议时，我将它设置为是InProc模式？

And the last question is about Timeout attribute. Does this attribute effect my sessions lifetime when I set it to InProc mode?

推荐答案

• InProc会话是非常快很多，少的要求（序列化），但是当你在多个Web服务器上运行你的应用程序无法使用;

Better in terms of what?

• InProc session is much much faster, has less requirements (serialization), but unusable when you're running your application on several web servers;

  SQL会话慢得多，有对象序列化的要求，但可以在多个Web服务器之间共享;

  Sql session is much slower, has object serialization requirements, but can be shared between several web servers;

  这是它们之间的主要区别，开发商应该主要关心的。

  That's the main difference between them that developers should mostly care about.

  您应该问关于这个一个单独的问题，因为这是previous一个完全不相关的问题。

  You should ask a separate question regarding this, because it's a completely unrelated question to previous one.

  如果您关闭cookie的会话ID的处理，你将能够看到会话ID。但是，这样，可以，如果你检查的cookie。的数量是有

  If you turn off cookie session ID handling you will be able to see Session ID. But so can you if you check cookies. The number is there.

  和会话cookie有效期设置为浏览器会话所以它实际上持久性方面是相同的。

  And Session cookie expiration is set to browser session so it's practically the same in terms of persistence.

  会话可以，如果你知道对方的会话ID被劫持。这当然更容易，如果你使用Cookie会话，因为所有你需要做的是改变URL ...

  Sessions can be hijacked if you know other party's Session ID. It's easier of course if you use cookieless sessions because all you have to do is to change URL...

  和有一个与复制的URL和共享/储蓄（我的最爱）另一件事。我想我不必解释的问题。

  And there's another thing with copying URLs and sharing/saving (Favourites). I suppose I don't have to explain the problem.

  Cookie会话是假默认情况下，因为绝大多数浏览器的支持Cookie。 您应该只把它当你知道你的客户不会有饼干上。

  Cookieless sessions are false by default because vast majority of browsers support cookies. You should only turn it on when you know your clients won't have cookies.

  会话超时总是与会话过期不管会话类型。但是你要知道，当你使用SQL防爆preSS版本，因为你需要SQL Server代理服务丢弃过期会话SQL会话状态可能不遵守此设置。您可以通过编写你自己的Windows服务丢弃过期会话缓解这一问题。

  Session timeout is always related to session expiration regardless of session type. But you have to be aware that SQL session state may not obey this setting when you use SQL Express editions because you need SQL Server Agent service to discard expired sessions. You can mitigate this problem by writing you own Windows Service that discards expired sessions.

  这篇关于哪一个更好，是InProc或SQL Server，在asp.net会话状态模式？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！