如何存储在cookie中的对象? [英] How to store an object in a cookie?
问题描述
虽然这是可能在C#中:(用户在这个实例中L2S类)
While this is possible in C#: (User is a L2S class in this instance)
User user = // function to get user
Session["User"] = user;
为什么这是不可能的?
why this is not possible?
User user = // function to get user
HttpCookie cookie = new HttpCookie();
cookie.Value = user;
和如何能不能做到?我不想存储cookie中的用户的ID,然后做一些验证。
and how can it be done? I don't want to store the id of the user within the cookie and then do some validation.
顺便说一下,如果可能的话,则它固定到存储饼干中的对象,而不是仅在ID?
Btw, if possible, is it secure to store an object within a cookie rather than only the ID ?
推荐答案
Cookie是只是字符串数据;做到这一点的唯一方法是序列化作为一个字符串(XML,JSON,任意的二进制基地-64,等等),但是,你不应该的真正的中,如果一个cookie相信任何涉及安全信息(我是谁?)作为一个:它是容易为最终用户去改变它,而b:你不希望任何事物的开销较大的每一个请求
A cookie is just string data; the only way to do that would be to serialize it as a string (xml, json, base-64 of arbitrary binary, whatever), however, you shouldn't really trust anything in a cookie if it relates to security information ("who am I?") as a: it is easy for the end-user to change it, and b: you don't want the overhead of anything biggish on every single request.
IMO,缓存这个作为服务器是正确的事情;不要把这个在cookie中。
IMO, caching this as the server is the correct thing; don't put this in a cookie.
这篇关于如何存储在cookie中的对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!