在什么情况下不会话变量死吗？ [英] Under what circumstances does a session variable die?

问题描述

我想使用一个会话变量的一些数据存储在我的MVC应用4，但我会话生命周期有点不确定。我有超时设置，并显然当用完了，但我很好奇，会发生什么（我如何控制会发生什么）去世时：

I want to use a session variable to store some data in my mvc 4 application but I'm a little unsure of the sessions life cycle. I have the timeout set and obviously it dies when that runs out but I'm curious as to what happens (and how I can control what happens) when:

• 在浏览器关闭


• 刷新页面


• 用户注销（我假设我需要手动处理这一个）

推荐答案

我觉得除了所有的意见（我认为是所有答案），去思考（其他）关键项是在的客户端侧的（浏览器），会话的饼干的。所以，如果例如设置我的浏览器每次我关闭它的时候，丢弃的Cookie会破发的会议。

I think aside from all the comments (which I think are all answers), the (other) key item to think about is that at the client side (browser), sessions are cookies. So if for example I set my browser to discard cookies each time I close it, that will "break" sessions.

显然，这并不适用于<青霉> Cookie会话的（这里的识别符是在URL）。

Obviously, this doesn't apply to cookieless sessions (where the "identifier" is in the URL).

此外，考虑上的永久的和的非持久这篇文章 的饼干（其中一个浏览器关闭，又名浏览器会话，将倾会话）。

Also, look into this post on persistent and non-persistent cookies (where a browser close, aka "browser session", will dump sessions).

MSDN文档：

ASP.NET必须跟踪会话ID对于每个用户，以便它可以将用户映射到服务器上的会话状态信息。 默认情况下，ASP.NET使用非持久性cookie 存储会话状态。但是，如果用户已禁用浏览器的cookies，会话状态信息不能存储在cookie中。

ASP.NET must track a session ID for each user so that it can map the user to session state information on the server. By default, ASP.NET uses a non-persistent cookie to store the session state. However, if a user has disabled cookies on the browser, session state information cannot be stored in a cookie.

ASP.NET提供了Cookie会话的形式替代。您可以将应用程序配置为不保存会话ID的cookie，但在你的网站的网页的URL。如果你的应用程序依赖于会话状态，则可以考虑将其配置为使用Cookie会话。但是，在某些有限的情况下，如果用户共享了别人，也许是网址的URL发送给同事，而该用户的会话仍然处于活动状态，那么这两个用户可以结束共享相同的会话 ，与联合国predictable结果。

ASP.NET offers an alternative in the form of cookieless sessions. You can configure your application to store session IDs not in a cookie, but in the URLs of pages in your site. If your application relies on session state, you might consider configuring it to use cookieless sessions. However, under some limited circumstances, if the user shares the URL with someone else—perhaps to send the URL to a colleague while the user's session is still active—then both users can end up sharing the same session, with unpredictable results.

这是说，并根据数据的类型，你想的坚持的对于x的时候，你也可以看看客户端的存储选项（例如的 网络/ DOM /本地存储的等）与/或配合甚至可能的替代，的基于服务器/存储的cookie 的。注意的是，这并不是免疫客户/用户操作（用户可以导出所有的数据，如果/每当他们想），也没有任何安全的含义。

That said, and depending on the type of data you want to persist for x time, you can also look into client side storage options (e.g. web/dom/local storage, etc.) in addition to/conjunction with or even perhaps a replacement to, server/cookie based storage. Note still, that this isn't "immune" to client/user action (user can dump all that data if/whenever they want to), nor any security implications.

这篇关于在什么情况下不会话变量死吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！