如何存储在cookie中的对象？ [英] How to store an object in a cookie?

问题描述

虽然这是可能在C＃中：（用户在这个实例中L2S类）

While this is possible in C#: (User is a L2S class in this instance)

User user = // function to get user
Session["User"] = user;

为什么这是不可能的？

why this is not possible?

User user = // function to get user
HttpCookie cookie = new HttpCookie();
cookie.Value = user; 

和如何能不能做到？我不想存储cookie中的用户的ID，然后做一些验证。

and how can it be done? I don't want to store the id of the user within the cookie and then do some validation.

顺便说一下，如果可能的话，则它固定到存储饼干中的对象，而不是仅在ID？

Btw, if possible, is it secure to store an object within a cookie rather than only the ID ?

推荐答案

Cookie是只是字符串数据;做到这一点的唯一方法是序列化作为一个字符串（XML，JSON，任意的二进制基地-64，等等），但是，你不应该的真正的中，如果一个cookie相信任何涉及安全信息（我是谁？）作为一个：它是容易为最终用户去改变它，而b：你不希望任何事物的开销较大的每一个请求

A cookie is just string data; the only way to do that would be to serialize it as a string (xml, json, base-64 of arbitrary binary, whatever), however, you shouldn't really trust anything in a cookie if it relates to security information ("who am I?") as a: it is easy for the end-user to change it, and b: you don't want the overhead of anything biggish on every single request.

IMO，缓存这个作为服务器是正确的事情;不要把这个在cookie中。

IMO, caching this as the server is the correct thing; don't put this in a cookie.

这篇关于如何存储在cookie中的对象？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！