ASP.NET 不良做法:存储在会话中的不可序列化对象 [英] ASP.NET Bad Practices: Non-Serializable Object Stored in Session
问题描述
我有一个类似的代码
Session["key"] = "value";
但根据 Fortify SCA 的说法,它被认为是一种不好的做法,原因是存储在会话中的不可序列化对象".
But it is considered as a bad practice according to Fortify SCA with the reason of "Non-Serializable Object Stored in Session".
截图如下:
解决这个问题的最佳方法是什么?如何使字符串value"可序列化?
What is the best way to solve this? How to make the string "value" to be serializable?
推荐答案
我认为这是误报.
来自强化文档:
为了使会话正确序列化,应用程序存储为会话属性的所有对象都必须声明 [Serializable]
属性.此外,如果对象需要自定义序列化方法,它还必须实现 ISerializable
接口.
In order for the session to be serialized correctly, all objects the application stores as session attributes must declare the
[Serializable]
attribute. Additionally, if the object requires custom serialization methods, it must also implement theISerializable
interface.
由于string
没有实现ISerializable
,所以不会通过检查.
Since string
doesn't implement ISerializable
, it will not pass the check.
这篇关于ASP.NET 不良做法:存储在会话中的不可序列化对象的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!