会话和Cookie之间有什么区别? [英] What is the difference between a Session and a Cookie?
问题描述
会话和Cookie之间有什么区别?
What is the difference between a Session and a Cookie?
每种情况下应该使用什么情况?
What circumstances should each be used?
推荐答案
会话
会话存储在每个用户的内存中(或替代会话状态)。会话使用Cookie(会话密钥)将用户绑定到会话。这意味着没有敏感数据存储在用户计算机上的cookie中。
Sessions are stored per-user in memory(or an alternative Session-State) on the server. Sessions use a cookie(session key) to tie the user to the session. This means no "sensitive" data is stored in the cookie on the users machine.
会话< a>通常用于在您浏览网站时保持状态。但是,它们也可以用于保存常用的对象。 仅当会话状态设置为InProc时,如果设置为其他会话状态模式对象还必须可序列化。
Sessions are generally used to maintain state when you navigate through a website. However, they can also be used to hold commonly accessed objects. Only if the Session-state is set to InProc, if set to another Session-State mode the object must also serializable.
Session["userName"] = "EvilBoy";
if(Session["userName"] != null)
lblUserName.Text = Session["userName"].ToString();
Cookie
Cookie 存储在用户计算机上的每个用户。 Cookie通常只是一些信息。 Cookie通常用于简单的用户设置颜色偏好等。 不要将任何敏感信息存储在Cookie中。
Cookies are stored per-user on the users machine. A cookie is usually just a bit of information. Cookies are usually used for simple user settings colours preferences ect. No sensitive information should ever be stored in a cookie.
您不能完全信任Cookie未被用户篡改,外部源,但如果安全是一个大问题,您必须使用cookie,那么您可以加密您的cookies或设置它们只通过SSL传输。用户可以随时清除其Cookie,或者完全不允许使用Cookie,因此您不能指望他们只是因为用户过去访问了您的网站。
You can never fully trust that a cookie has not been tampered with by a user or outside source however if security is a big concern and you must use cookies then you can either encrypt your cookies or set them to only be transmitted over SSL. A user can clear his cookies at any time or not allow cookies altogether so you cannot count on them being there just because a user has visited your site in the past.
//add a username Cookie
Response.Cookies["userName"].Value = "EvilBoy";
Response.Cookies["userName"].Expires = DateTime.Now.AddDays(10);
//Can Limit a cookie to a certain Domain
Response.Cookies["domain"].Domain = "Stackoverflow.com";
//request a username cookie
if(Request.Cookies["userName"] != null)
lblUserName.Text = Server.HtmlEncode(Request.Cookies["userName"].Value);
sidenote
sidenote
值得一提的是,ASP.NET还支持 cookieless 状态-management
It is worth mentioning that ASP.NET also supports cookieless state-management
这篇关于会话和Cookie之间有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!