When to use TempData vs Session in ASP.Net MVC


Question

I am trying to get the hang of MVC framework so bear with me.

Right now, the only thing I'm using the session store for is storing the current logged in user. My website is simple. For this example, consider three domain objects, Person, Meeting, and File. Users can log in and view a "members only" profile of a meeting and can add files to it, or view a meeting's public "profile" if they aren't logged in.

So, from the meeting's private profile, with a logged in user, I have an "add files" link. This link routes to FileController.Add(int meetingId). From this action, I get the meeting the user wants to add files to using the meeting id, but after the form is posted, I still need to know which meeting the user is adding files to. That's where my question lies: should I pass the "currently interacting with" meeting through TempData, or add it to the Session store?

This is how I currently have the Add action setup, but it's not working:

    public ActionResult Add(int meetingId)
    {
        try
        {
            var meeting = _meetingsRepository.GetById(meetingId);
            ViewData.Model = meeting;
            TempData[TempDataKeys.CurrentMeeting] = meeting; /* add to tempdata here */
        }
        catch (Exception)
        {
            TempData[TempDataKeys.ErrorMessage] = "Unable to add files to this meeting.";
            return RedirectToRoute("MeetingsIndex");
        }

        return View();
    }

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Add(FormCollection form)
    {
        var member = Session[SessionStateKeys.Member] as Member;
        var meeting = TempData[TempDataKeys.CurrentMeeting] as Meeting; /* meeting ends up null here */

        if (member == null)
        {
            TempData[TempDataKeys.ErrorMessage] = "You must be logged in to add files to an meeting.";
            return RedirectToRoute("LoginPage");
        }

        if (meeting == null) 
        {
            TempData[TempDataKeys.ErrorMessage] = "An error occurred. No meeting selected.";
            return RedirectToRoute("MeetingsIndex");
        }

        // add files to meeting

        TempData[TempDataKeys.Notification] = "Successfully added.";
        return RedirectToRoute("AddFiles", new {meetingId = meeting.MeetingId});
    }

Edit:

Based on most of the answers, can anyone provide any examples on what kind of data (other than messages) should be stored in TempData vs Session?

Recommended answer

TempData is session, so they're not entirely different. However, the distinction is easy to understand, because TempData is for redirects, and redirects only. So when you set some message in TempData and then redirect, you are using TempData correctly.

However, using Session for any kind of security is extremely dangerous. Session and Membership are entirely separate in ASP.NET. You can "steal" sessions from other users, and yes, people do attack web sites this way. So if you want to selectively stop a post information based on whether a user is logged in, look at IsAuthenticated, and if you want to selectively show information based on what type of user is logged in, you use a Role provider. Because GETs can be cached, the only way to selectively allow access to an action in a GET is with AuthorizeAttribute.

Update In response to your edited question: You already have a good example of using TempData in your question, namely, returning a simple error message after a failed POST. In terms of what should be stored in Session (beyond "not much"), I just think of Session as a user-specific cache. Like the non-user-specific Cache, you should not put security-sensitive information there. But it's a good place to stick stuff which is relatively expensive to look up. For example, our Site.Master has the user's full name displayed on it. That is stored in a database, and we don't want to do a database query for it for every page we serve. (An installation of our application is used in a single company, so a user's full name is not considered "security-sensitive.") So if you think of Session as a cache which varies by a cookie which the user has, you won't be far wrong.
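
Added example (not part of the original question or answer): one way to rework the question's two `Add` actions so that TempData carries only post-redirect messages, the meeting id travels in the route, and the login check comes from `[Authorize]` rather than a Session value. The `IsMember` repository method and the stub types are hypothetical stand-ins for the asker's own code.

```csharp
using System.Web.Mvc;

// Hypothetical stubs standing in for the question's domain types and keys.
public class Meeting { public int MeetingId { get; set; } }
public interface IMeetingsRepository
{
    Meeting GetById(int meetingId);
    bool IsMember(int meetingId, string userName); // assumed membership check
}
public static class TempDataKeys { public const string ErrorMessage = "ErrorMessage", Notification = "Notification"; }

[Authorize] // identity comes from the authentication ticket, not from Session
public class FileController : Controller
{
    private readonly IMeetingsRepository _meetingsRepository;
    public FileController(IMeetingsRepository repository) { _meetingsRepository = repository; }

    // Returns the meeting only if the authenticated user may add files to it.
    private Meeting FindForCurrentUser(int meetingId)
    {
        var meeting = _meetingsRepository.GetById(meetingId);
        return meeting != null && _meetingsRepository.IsMember(meetingId, User.Identity.Name) ? meeting : null;
    }

    public ActionResult Add(int meetingId)
    {
        var meeting = FindForCurrentUser(meetingId);
        if (meeting == null)
        {
            // A redirect follows, which is the case TempData is meant for.
            TempData[TempDataKeys.ErrorMessage] = "Unable to add files to this meeting.";
            return RedirectToRoute("MeetingsIndex");
        }
        return View(meeting); // no redirect here: the form posts back with meetingId in the route
    }

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Add(int meetingId, FormCollection form)
    {
        // meetingId is client-supplied, so access is re-checked on every POST.
        var meeting = FindForCurrentUser(meetingId);
        if (meeting == null)
        {
            TempData[TempDataKeys.ErrorMessage] = "An error occurred. No meeting selected.";
            return RedirectToRoute("MeetingsIndex");
        }
        // add files to meeting (file handling elided, as in the question)
        TempData[TempDataKeys.Notification] = "Successfully added.";
        return RedirectToRoute("AddFiles", new { meetingId = meeting.MeetingId });
    }
}
```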
