如果cookie被客户端的计算机上禁用哪里存储会话？什么是实际存储在会话？ [英] Where is session stored if cookie is disabled on client's machine? What is actually stored in session?

问题描述

在配置文件中我有以下设置

In config file I have the below settings

的sessionState模式=是InProc无Cookie =FALSE

sessionState mode="InProc" cookieless="false"

这是否表明的sessionid在饼干stroed？如果是的话那么它是如何采摘，发送到服务器，它是如何验证在回传。

Does this indicates that the sessionid is stroed in cookies? If yes then how is it picked and sent to the server and how is it verified across postbacks.

会发生什么，如果cookie是在浏览器中禁用，将在本届会议（会话ID和会话变量）仍然可以创造出来的？

What will happen if cookies are disabled in my browser, will the session(sessionid and session variables) still be created?

在哪里（默认路径）创建和默认保存会话cookie和我可以改变路径？

Where(default path) are the cookies created and stored by default for sessions and can i change the path?

什么格式和类型的数据存储在cookie中的会话？

What format and kind of data is stored in cookies for session?

如果我存储在会话，然后一类对象是什么实际存储在cookie吗？

If i store a class object in session then what is actually stored in cookies?

另外，如果我使用的身份验证模式与Cookie，然后形式，如果cookie是在浏览器中禁用会发生什么？

Also if i use authentication mode as forms with cookies then what will happen if cookies are disabled in browser?

推荐答案

会话cookie是一种特殊的非持续性的cookie。这只是存储在内存中，所以在大多数情况下，即使禁用cookie，它仍然能正常工作。

The session cookie is a special non-persistant cookie. It's only stored in memory, so in most cases even when cookies are disabled it still works fine.

也有可能使一些所谓那里的会话ID嵌入在URL Cookie的sesssions，像这样的：

It's also possible to enable something called cookieless sesssions where the sessionID is embedded in the URL, like this:

的http：// yourserver /文件夹/ （加密的会话ID在这里）/default.aspx

http://yourserver/folder/ (encrypted session ID here) /default.aspx

下面是一个MSDN文章更细节的链接：<一个href=\"http://msdn.microsoft.com/en-us/library/aa479314.aspx\">http://msdn.microsoft.com/en-us/library/aa479314.aspx

Here's a link to an MSDN article with more details: http://msdn.microsoft.com/en-us/library/aa479314.aspx

注意：它的是的可能完全阻止会话cookie。例如，在IE8，我刚走进工具> Internet选项>隐私。当我手摇滑块以高或更高，我的网站从来没有跳过登录屏幕，因为会话cookie被拦截 - 事实上，乔希斯托多拉在这种情况下，会议将甚至从来没有在服务器上创建说下面这一点。

NOTE: It is possible to completely block the session cookie. For instance, in IE8, I just went into Tools > Internet Options > Privacy. When I cranked the slider up to 'High' or greater, my sites never got past the login screen because the session cookie was blocked - in fact, Josh Stodola said below that in this case the session would never even be created on the server.

然而，了解到这种类型的行为有效地破坏了网络。所以，除非你正在构建面向阴谋论网站，在我看来（以及大多数在世界上最大的网站的观点），没有必要为了迎合用户的很小一部分谁不通过正常的游戏规则

However, understand that this type of behavior effectively breaks the Internet. So unless you're building a site targeted at conspiracy theorists, in my opinion (and the opinion of most of the largest sites in the world) there's no need to cater to the tiny percentage of users who don't play by the normal rules.

对于他们来说，互联网恰恰是行不通的它应该的方式。

For them, the Internet just isn't going to work the way it's supposed to.

这篇关于如果cookie被客户端的计算机上禁用哪里存储会话？什么是实际存储在会话？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！