有没有办法获得当前的Session对象? [英] Is there a way to obtain a Session object other than the current one ?
问题描述
如果我有会话ID(字符串),我可以以某种方式获取与该ID相关联的会话对象
(当然存在)?
我知道这听起来很邪恶,但我有一个情况,我必须从客户端(IE)发出
请求,但出于安全考虑,我无法访问
标头当前请求,所以我不能让我的新请求包含
相同的会话ID cookie。所以我在想,如果我将会话ID作为我在aspx页面中检索到的
参数传递,我可以使用此ID来获取会话。
检索会话。 br />
一个更好的解决方案,就是能够从IE窗体控件托管
在IE中获取(以管理方式)当前的标头请求,
但是这个问题不属于这个论坛,我只是提到它是
背景信息。
-
FP
软件FX
" SFX" <无***** @ softwarefx.com>在消息中写道
news:e5 ************** @ TK2MSFTNGP12.phx.gbl ...如果我有一个会话ID(字符串)可以以某种方式获取与该ID相关联的会话对象(当然存在)吗?
我知道这听起来很邪恶,但我有一种情况需要我做来自客户端(IE)的请求,但出于安全原因,我无法访问当前请求的
标头,因此我无法使我的新请求包含
相同的会话ID cookie。所以我想如果我将会话ID作为
a参数传递给我在我的aspx页面中检索,我可以使用此ID来检索会话。
如果会话ID不是来自当前请求,则会出现
安全漏洞。
-
John Saunders
johnwsaundersiii at hotmail
您可以使用Application_Start
方法创建一个应用程序范围ArrayList Global.asax中。然后在Session_Start中将会话或
httpContext对象添加到ArrayList。然后每个当前
请求的上下文将可用于其他会话中的服务器端代码。
MS KB文章309018可能是一个很好的起点对你而言。
Dale Preston
MCAD,MCSE,MCDBA
news:e5 ************** @ TK2MSFTNGP12.phx.gbl ...如果我有一个会话ID(字符串)可以以某种方式获取与该ID相关联的会话对象(当然存在)吗?
我知道这听起来很邪恶,但我有一种情况需要我做来自客户端(IE)的请求,但出于安全原因,我无法访问当前请求的
标头,因此我无法使我的新请求包含
相同的会话ID cookie。所以我想如果我将会话ID作为
a参数传递给我在我的aspx页面中检索,我可以使用此ID来检索会话。
更好解决方案,将能够从IE中托管的Windows Form Control中获取(以管理方式)当前
请求的标头,但此问题不属于此论坛,我只是提到它作为
背景信息。
-
FP
软件FX
"戴尔" <哒************ @ msndotcomNot.Net>在消息中写道
新闻:OQ ************** @ TK2MSFTNGP10.phx.gbl ...您可以创建一个应用程序范围ArrayList与Global.asax中的Application_Start
方法。然后在Session_Start中将会话或
httpContext对象添加到ArrayList。然后,每个当前
请求的上下文将可用于其他会话中的服务器端代码。
MS KB文章309018可能是一个很好的起点。
请注意上面的知识库文章确实_not_谈论在
申请状态中保存会话。
当一个页面引用Session,它指的是一个
HttpSessionContext对象,该对象在页面持续时间内有效
请求。此对象允许当前请求中的代码访问为当前会话存储的会话状态
。但是会话只是一个
对象,可以访问会话状态 - 它不是会话状态
本身。
有没有理由相信存储会话的值。将
允许您使用这些值来访问多个
会话的会话状态。它可能恰好工作(更有可能,它似乎会起作用),
但这并不能保证它明天不会破坏。
除非微软提供了一个记录在案的解决方案,否则我会远离这个想法,就像瘟疫一样。
当然,它也具有相同的安全性我之前提到的问题,最重要的是
其他所有。
-
John Saunders
johnwsaundersiii at hotmail
If I have a session ID (string) can I somehow obtain the session object
associated to that ID (it exist of course) ?
I know this sounds wicked but I have a situation in which I have to make a
request from the client (IE) but for security reasons I can not access the
headers of the current request, so I can not make my new request contain the
same session ID cookie. So I was thinking that if I pass the session ID as a
parameter which I have retrieved in my aspx page, I could use this ID to
retrieve the session.
A better solution, would be to be able, from a Windows Form Control hosted
inside IE to obtain (in a managed way) the headers for the current request,
but this issue doesn''t belong in this forum , I just mention it as
background information.
--
FP
Software FX
"SFX" <no*****@softwarefx.com> wrote in message
news:e5**************@TK2MSFTNGP12.phx.gbl...If I have a session ID (string) can I somehow obtain the session object
associated to that ID (it exist of course) ?
I know this sounds wicked but I have a situation in which I have to make a
request from the client (IE) but for security reasons I can not access the
headers of the current request, so I can not make my new request contain the same session ID cookie. So I was thinking that if I pass the session ID as a parameter which I have retrieved in my aspx page, I could use this ID to
retrieve the session.
If the session ID were not from the current request, then there would be a
security flaw.
--
John Saunders
johnwsaundersiii at hotmail
You can create an application scope ArrayList with the Application_Start
method in the Global.asax. Then in the Session_Start add the session or
httpContext object to the ArrayList. Then the contexts of each current
request will be available to the server side code in the other sessions.
MS KB article 309018 might be a good starting point for you.
Dale Preston
MCAD, MCSE, MCDBA
"SFX" <no*****@softwarefx.com> wrote in message
news:e5**************@TK2MSFTNGP12.phx.gbl...If I have a session ID (string) can I somehow obtain the session object
associated to that ID (it exist of course) ?
I know this sounds wicked but I have a situation in which I have to make a
request from the client (IE) but for security reasons I can not access the
headers of the current request, so I can not make my new request contain the same session ID cookie. So I was thinking that if I pass the session ID as a parameter which I have retrieved in my aspx page, I could use this ID to
retrieve the session.
A better solution, would be to be able, from a Windows Form Control hosted
inside IE to obtain (in a managed way) the headers for the current request, but this issue doesn''t belong in this forum , I just mention it as
background information.
--
FP
Software FX
"Dale" <da************@msndotcomNot.Net> wrote in message
news:OQ**************@TK2MSFTNGP10.phx.gbl...You can create an application scope ArrayList with the Application_Start
method in the Global.asax. Then in the Session_Start add the session or
httpContext object to the ArrayList. Then the contexts of each current
request will be available to the server side code in the other sessions.
MS KB article 309018 might be a good starting point for you.
Note that the above KB article does _not_ talk about saving Session in
Application state.
When a page makes reference to Session, it is referring to an
HttpSessionContext object which is valid for the duration of the page
request. This object allows code in the current request to gain access to
the Session state stored for the current session. But "Session" is only an
object which gives access to the session state - it is not the session state
itself.
There is no reason to believe that storing the values of "Session" will
allow you to use those values to access the session state of multiple
sessions. It may just happen to work (more likely, it will appear to work),
but this is no guarantee that it won''t break tomorrow.
Unless Microsoft provides a documented solution to this, I would stay away
from this idea like the plague.
Of course, it also has the same security problems I mentioned before, on top
of all else.
--
John Saunders
johnwsaundersiii at hotmail
这篇关于有没有办法获得当前的Session对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
