ASP.NET会话VS会话状态和饼干饼干VS少 [英] ASP.NET session vs session state and cookies vs cookie less
问题描述
请帮我我的理解是否正确。
-
ASP.NET会话存储在Web服务器上,并没有任何的cookie被用于此目的。
-
ASP.NET如果配置与webconfig->会话状态使用会话:然后我们就可以将其配置为要么stateconnection或SqlConnection的
。 -
如果ASP.NET配置为使用会话状态(无论是作为stateconnection或SqlConnection的),那么当用户使用在code,那么客户机上使用Cookie,除非你在webconfig指定无Cookie =真会议
-
如果我们使用
<的sessionState无Cookie =真/>则默认stateconnection设置为localhost
在谈论的会话在你想存储HTTP请求之间的用户数据(因为HTTP是无状态的,你可以在许多动态网站'T否则任何其他请求的请求关联的),但你不希望数据可读/可编辑在客户端,因为你不希望客户端玩弄这些数据不经过你的(服务器端) code。
的解决方案是用于存储数据的服务器端,给它一个id,并让客户只知道(并在每一个http请求回传),该标识。你去那里,会实现的。或者您可以使用客户端作为一种方便的远程存储,但你会加密数据,并为举报人保密的服务器端。
当然还有其他方面的考虑,就像你不希望人们劫持其他的会议,你要会话不会永远持续下去,但到期,等等。
会话状态包含与服务器有关的特定会话(由特定的客户端/浏览器/机)的信息。它来跟踪用户在做网站上..在多个页面......在一片网络的无状态的方式。例如特定用户的购物车中的内容是会话数据。 Cookie可以用于会话状态。
饼干的小块的文字,存储在客户端计算机上只能由网站设置的Cookie使用。这允许web应用来保存信息的用户,然后如果需要的话重新使用它的每一页上。
每次会议都会有SessionID的。和会话ID是一个唯一的编号,服务器在访问(会话)期间分配给特定的用户。和defaultely,会话ID被附加到一个cookie和该cookie将从客户端在其请求/响应来共享到服务器(和服务器到客户端)。而服务器将在此基础上从检索cookie的会话ID标识的会话。
和关于无Cookie 后,如果您的浏览器支持犯规Cookie或禁用,则Cookie的将被使用。既然是无Cookie,asp.net不能创建一个cookie保存会话ID。相反,会话ID将在查询字符串传递。
Please help me whether my understanding is right.
ASP.NET sessions are stored on the web server and no cookies whatsoever are used for this.
ASP.NET if configured to use session with webconfig->session state: then we can configure it as either stateconnection or as sqlconnection.
ASP.NET if configured to use session state (either as stateconnection or as sqlconnection) then when user uses sessions in code then the cookies on client machine are used unless you specify in webconfig that cookieless=true
If we use
<sessionState cookieless="true" />then by default the stateconnection is set to localhost
When talking about Session in many dynamic web sites you want to store user data between HTTP requests (because http is stateless and you can't otherwise associate a request to any other request), but you don't want that data to be readable / editable at client side because you don't want the client to play around with that data without passing through your (server side) code.
The solution is to store that data server side, give it an "id", and let the client only know (and pass back at every http request) that id. There you go, sessions implemented. Or you can use the client as a convenient remote storage, but you would encrypt the data and keep the secret server-side.
Of course there are other aspects to consider, like you don't want people to hijack other's sessions, you want sessions to not last forever but to expire, and so on.
Session State contains information that is pertaining to a specific session (by a particular client/browser/machine) with the server. It's a way to track what the user is doing on the site.. across multiple pages...amid the statelessness of the Web. e.g. the contents of a particular user's shopping cart is session data. Cookies can be used for session state.
Cookies are small pieces of text, stored on the client's computer to be used only by the website setting the cookies. This allows webapplications to save information for the user, and then re-use it on each page if needed. Every session will have SessionID. And Session ID is a unique number, server assigns to a specific user, during his visit(session). And defaultely, session ID is attached to a cookie and this cookie will be shared from client to server (and server to client) during its requests/responses. And server will identify session based on session id which is retrieved from cookie.
And regarding cookieless, if your browser doesnt support cookie or disabled, then cookieless will be used. Since it is Cookieless, asp.net can not create a cookie to save session id. Instead, the session id will be passed in query string.
这篇关于ASP.NET会话VS会话状态和饼干饼干VS少的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
