存储会话信息在ASP.Net Cookie或会话状态? [英] Store session info in ASP.Net Cookie or Session State?
问题描述
我需要为用户存储一些会话相关的数据。此数据不需要加密,但我想确保用户不能修改它。我认为我的选择是将它存储在一个隐藏字段,存储到一个cookie,或存储在ASP.Net会话状态。我需要的解决方案是服务器农场安全。
如果它存储在cookie或隐藏字段,那么我需要一种方法,以确保用户不能修改它。 / p>
您认为这类数据的最佳方法是什么?
第一个问题我问自己关于会话数据:我真的需要他们?
请记住,web是无状态的,所以也许你可以重新设计你的应用程序不使用会话状态。
会话需要大量的管理和服务器资源。
同时您有两个解决方案:
-
因为你在一个农场把你的会话在SQL Server配置会话状态在web.config(它需要资源,它有点慢,但是是最安全的方式来存储会话数据,以确保用户不能修改它)
-
使用私人服务器密钥向您的Cookie添加加密/解密机制
/ ul>I need to store some session related data for a user. This data does not need to be encrypted but I want to ensure the user cannot modify it. I think my options are to store it into a hidden field, store it into a cookie, or store it in ASP.Net session state. I need the solution to be server farm safe.
If its stored in a cookie or hidden field then I need a way to ensure a user can't modify it.
What do you think is the best approach for this sort of data?
解决方案First question I ask myself about session data: I really need them? Remember that web is stateless so maybe you can re-engineering your application to not use session state. Sessions requires a lot of management and server resources.
Meanwhile you have two solutions:
because you are in a farm put your session on SQL Server configuring session state in web.config (it requires resources and it's a bit slower but is the safest way to store session data to ensure the user cannot modify it)
add an encryption/decryption mechanism to your cookie with a private server key
这篇关于存储会话信息在ASP.Net Cookie或会话状态?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!