存储会话信息在ASP.Net Cookie或会话状态？ [英] Store session info in ASP.Net Cookie or Session State?

问题描述

我需要为用户存储一些会话相关的数据。此数据不需要加密，但我想确保用户不能修改它。我认为我的选择是将它存储在一个隐藏字段，存储到一个cookie，或存储在ASP.Net会话状态。我需要的解决方案是服务器农场安全。

如果它存储在cookie或隐藏字段，那么我需要一种方法，以确保用户不能修改它。 / p>

您认为这类数据的最佳方法是什么？

解决方案

第一个问题我问自己关于会话数据：我真的需要他们？
请记住，web是无状态的，所以也许你可以重新设计你的应用程序不使用会话状态。
会话需要大量的管理和服务器资源。

同时您有两个解决方案：

• 因为你在一个农场把你的会话在SQL Server配置会话状态在web.config（它需要资源，它有点慢，但是是最安全的方式来存储会话数据，以确保用户不能修改它）




• 使用私人服务器密钥向您的Cookie添加加密/解密机制

  / ul>
  

  I need to store some session related data for a user. This data does not need to be encrypted but I want to ensure the user cannot modify it. I think my options are to store it into a hidden field, store it into a cookie, or store it in ASP.Net session state. I need the solution to be server farm safe.

  If its stored in a cookie or hidden field then I need a way to ensure a user can't modify it.

  What do you think is the best approach for this sort of data?

  解决方案

  First question I ask myself about session data: I really need them? Remember that web is stateless so maybe you can re-engineering your application to not use session state. Sessions requires a lot of management and server resources.

  Meanwhile you have two solutions:

  • because you are in a farm put your session on SQL Server configuring session state in web.config (it requires resources and it's a bit slower but is the safest way to store session data to ensure the user cannot modify it)

  • add an encryption/decryption mechanism to your cookie with a private server key

  这篇关于存储会话信息在ASP.Net Cookie或会话状态？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！