Storing logged in user details


Problem description

When creating a web application, and let's say you have a User object denoting a single user, what do you think is the best way to store that the user has logged in?

Two ways I can think of:

  • Storing the user's database ID in a session variable
  • Storing the entire User object in a session variable

Any better suggestions, any issues with using the above ways? Perhaps security issues or memory issues, etc, etc.

Recommended answer

I recommend storing the id rather than the object. The downside is that you have to hit the database every time you want to get that user's information. However, unless every millisecond counts in your page, the performance shouldn't be an issue. Here are two advantages:

  1. If the user's information changes somehow, then you won't be storing out-of-date information in your session. For example, if a user is granted extra privileges by an admin, then those will be immediately available without the user needing to log out and then log back in.

  2. If your session information is stored on the hard drive, then you can only store serializable data. So if your User object ever contains anything like a database connection, open socket, file descriptor, etc., then this will not be stored properly and may not be cleaned up properly either.

In most cases these concerns won't be an issue and either approach would be fine.
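The two advantages described in the answer, shown as an added example that is not part of the original question or answer. It assumes an in-memory SQLite `users` table, a JSON-serialized dictionary standing in for a disk-backed session store, and hypothetical helper names throughout.

```python
import json
import sqlite3

# Constructed sample data: one user whose role an admin changes later.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
db.execute("INSERT INTO users VALUES (1, 'alice', 'member')")
SESSIONS = {}  # session id -> JSON text, standing in for a disk-backed store


def save_session(sid, data):
    SESSIONS[sid] = json.dumps(data)  # TypeError for anything but plain data


def fetch_user(user_id):
    row = db.execute(
        "SELECT id, name, role FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    return dict(zip(("id", "name", "role"), row)) if row else None


def role_from_object_session(sid):
    return json.loads(SESSIONS[sid])["user"]["role"]  # snapshot from login


def role_from_id_session(sid):
    user = fetch_user(json.loads(SESSIONS[sid])["user_id"])  # query per request
    return user["role"] if user else None  # account deleted: no role


def demo():
    db.execute("UPDATE users SET role = 'member' WHERE id = 1")  # reset
    save_session("s-obj", {"user": fetch_user(1)})  # whole object at login
    save_session("s-id", {"user_id": 1})  # id only at login
    db.execute("UPDATE users SET role = 'admin' WHERE id = 1")  # admin grants
    return role_from_object_session("s-obj"), role_from_id_session("s-id")


def can_store(value):
    try:
        save_session("probe", {"user": value})
        return True
    except TypeError:
        return False


if __name__ == "__main__":
    print(demo())
    print(can_store({"id": 1, "conn": db}))
```

The staleness works in both directions: a session that holds the whole object also keeps privileges an admin has since revoked, until that session ends.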
