使用ajax请求使会话保持活动状态安全吗? [英] Is it safe to keep session alive using ajax request?
问题描述
我最近在我的母版页中实现了一小段javascript,每30秒执行一次ajax请求以保持会话正常运行.我知道有几个关于保持生命的问题,但是我还真的无法找到这些特定问题的答案.
I recently implemented a small snippet of javascript in my Master page that does an ajax request every 30 seconds to keep session alive. I know there are several questions regarding keep alive but I haven't really been able to find answers to these specific questions.
我的问题是:
-
这样做安全吗?像这样,如果有多个并发用户/连接,这会产生不利影响吗?
Is it safe to do this? As in, will this have any adverse effects if there are many concurrent users/connections?
我可以使用这种方法来延长超时时间,还是必须使用cookie?
Can I implement an extended timeout using this method or will I have to use cookies?
我对Cookie不太了解,但是现在相对可接受使用它们吗?还是会有用户不允许他们-他们将能够使用我的网站?
I don't know much about cookies, but are these relatively acceptable to use now? or will there be users who don't allow them - will they be able to use my site?
谢谢大家!
推荐答案
- 是的,这很安全.就负载而言,这取决于您的硬件及其编写方式,但是,它的效果没有比用户刷新页面更糟(可以说,考虑到AJAX调用相对于标准页面负载的开销,它的影响要小得多).
- 如果您要这样设置,您可以在
web.config中调整超时时间... - 这是您的私人电话. Cookies的目的是,只要是您的域,我就会发现它们是可以接受的,但确实意识到有些人禁用了它们,因此归结为后退.
- Yes it's safe. As far as load, that's up to your hardware and how you write it, but it has no worse effect than users refreshing the page (arguably less considering the overhead of an AJAX call over a standard page load).
- You can adjust the timeout in the
web.configif that's what you're asking... - That's a personal call on you. Cookies have their purpose, and I find them acceptable as long as it's your domain, but do realize some people disable them and so it comes down to having a fall-back.
有些事情要记住:
- 银行在检查财务状况时使用相同的方法来保持会话正常进行,但是通常会在询问您是否要继续之前弹出一个弹出窗口.
- 强制用户长时间登录超出正常时间可能会带来安全风险(例如,有人在图书馆或学校的计算机上登录并离开办公桌,请确保该会话继续进行到第二天[或更长时间] ]?)
这篇关于使用ajax请求使会话保持活动状态安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
