会话是存储在客户端还是服务器端

时间:2021-08-08 03:14:25

I was wondering if HttpContext.Session uses cookies to store data. A work collegue told me that in a mobi site, phones generally do not have cookies and therefore you dont have session. I always thought session is data that is stored on the server side and is not dependant on client side objects please explain if I am wrong.

我想知道HttpContext。会话使用cookie来存储数据。一位同事告诉我,在mobi网站上,手机通常没有cookie,因此你没有session。我一直认为会话是存储在服务器端并且不依赖于客户端对象的数据,如果我错了请解释。

I read this

我读这个

5 个解决方案

#1


46  

In ASP.NET; you have a Session cookie. This cookie is used to identify which session is yours; but doesn't actually contain the session information.

在ASP.NET;你有一个会话cookie。此cookie用于识别哪个会话是您的;但实际上不包含会话信息。

By default, ASP.NET will store session information in memory inside of the worker process (InProc), typically w3wp.exe. There are other modes for storing session, such as Out of Proc and a SQL Server.

默认情况下,ASP。NET将在worker进程(InProc)内的内存中存储会话信息,通常是w3wp.exe。还有其他用于存储会话的模式,比如Out of Proc和一个SQL Server。

ASP.NET by default uses a cookie; but can be configured to be "cookieless" if you really need it; which instead stores your Session ID in the URL itself. This typically has several disadvantages; such as maintence of links become difficult, people bookmarking URLs with expired session IDs (so you need to handle expired session IDs, etc). Most modern phones, even non-smart phones, support cookies. Older phones may not. Whether you need to support cookieless sessions is up to you.

ASP。NET默认使用cookie;但如果您确实需要的话,可以配置为“无饼干”;它将会话ID存储在URL本身中。这通常有几个缺点;例如,维护链接变得困难,人们用过期的会话id对url进行书签(因此需要处理过期的会话id等)。大多数现代手机,甚至非智能手机都支持cookie。旧手机可能不会。是否需要支持无趣会话取决于您。

If your URL looked like this:

如果你的URL是这样的:

http://www.example.com/page.aspx

http://www.example.com/page.aspx

A cookieless URL would look like this:

一个没有cookie的URL会是这样的:

http://www.example.com/(S(lit3py55t21z5v55vlm25s55))/page.aspx

http://www.example.com/(S(lit3py55t21z5v55vlm25s55))/ page.aspx

Where lit3py55t21z5v55vlm25s55 is a session ID.

其中lit3py55t21z5v55vlm25s55是会话ID。

You can learn more about ASP.NET's session state here

您可以了解更多关于ASP。净的会话状态

#2


24  

The session data is stored on the server, but it also stores an id string in a cookie to identify the user.

会话数据存储在服务器上,但它也在cookie中存储id字符串以标识用户。

If cookies are not supported, the id string can't be stored, and the server can't pair the session when the user makes another request.

如果不支持cookie,则不能存储id字符串,并且当用户发出另一个请求时,服务器不能对会话进行配对。

The session id is just a number generated by the server (either from a counter or randomly), so it doesn't contain any information from the data that you store in the session object.

会话id只是服务器生成的一个数字(从计数器或随机生成),因此它不包含您在会话对象中存储的数据的任何信息。

(The application can also be configured to put the session in the URL instead of in a cookie. This enables you to use sessions without cookies, but it ruins your nice URLs.)

(还可以将应用程序配置为将会话放在URL而不是cookie中。这使您可以使用没有cookie的会话,但它会破坏您的良好url。

#3


13  

Nowadays it can be both.

如今,这两者兼而有之。

Server Session

Server Side session already explained in the others posts. The session is stored on the server but it need a cookie to store an indicator of who is requesting the session value.

服务器端会话已经在其他帖子中解释过了。会话存储在服务器上,但它需要一个cookie来存储谁在请求会话值的指示器。

Client Session

The new concept of WebStorage defined by W3C shows how a client side session is nowasays needed. Here is the HTML5 implementation of a WebStorage: https://code.google.com/p/sessionstorage/

W3C定义的WebStorage的新概念显示了客户端会话现在是如何被需要的。以下是WebStorage的HTML5实现:https://code.google.com/p/sessionstorage/

#4


2  

This is a tricky question in some ways, as it is a bit of both.

在某些方面,这是一个棘手的问题,因为这两者兼而有之。

The session state, itself, is stored on the server. But, you need some type of indicator on the client to use it. Normally, this is a server cookie, which is very thin and is basically a GUID for the session and nothing more. But, you can set up sites to pass the session ID in the URI, so it need not be a cookie.

会话状态本身存储在服务器上。但是,您需要客户端上某种类型的指示器来使用它。通常,这是一个服务器cookie,非常瘦,基本上是会话的GUID,仅此而已。但是,您可以设置站点来在URI中传递会话ID,因此它不必是cookie。

Not sure how phones deal with the session cookie concept, but since I can log in, and do not see IDs in URIs, I assume there is a mechanism, even if it does not handle user cookies.

我不确定手机是如何处理会话cookie概念的,但是因为我可以登录,并且在uri中看不到id,所以我假设有一个机制,即使它不处理用户cookie。

#5


2  

Session id is by defauld stored as cookie. You can also configure your session to pass its id as a query parameter ("cookieless").

会话id由defauld存储为cookie。您还可以将会话配置为将其id作为查询参数传递(“无cookie”)。

#1


46  

In ASP.NET; you have a Session cookie. This cookie is used to identify which session is yours; but doesn't actually contain the session information.

在ASP.NET;你有一个会话cookie。此cookie用于识别哪个会话是您的;但实际上不包含会话信息。

By default, ASP.NET will store session information in memory inside of the worker process (InProc), typically w3wp.exe. There are other modes for storing session, such as Out of Proc and a SQL Server.

默认情况下,ASP。NET将在worker进程(InProc)内的内存中存储会话信息,通常是w3wp.exe。还有其他用于存储会话的模式,比如Out of Proc和一个SQL Server。

ASP.NET by default uses a cookie; but can be configured to be "cookieless" if you really need it; which instead stores your Session ID in the URL itself. This typically has several disadvantages; such as maintence of links become difficult, people bookmarking URLs with expired session IDs (so you need to handle expired session IDs, etc). Most modern phones, even non-smart phones, support cookies. Older phones may not. Whether you need to support cookieless sessions is up to you.

ASP。NET默认使用cookie;但如果您确实需要的话,可以配置为“无饼干”;它将会话ID存储在URL本身中。这通常有几个缺点;例如,维护链接变得困难,人们用过期的会话id对url进行书签(因此需要处理过期的会话id等)。大多数现代手机,甚至非智能手机都支持cookie。旧手机可能不会。是否需要支持无趣会话取决于您。

If your URL looked like this:

如果你的URL是这样的:

http://www.example.com/page.aspx

http://www.example.com/page.aspx

A cookieless URL would look like this:

一个没有cookie的URL会是这样的:

http://www.example.com/(S(lit3py55t21z5v55vlm25s55))/page.aspx

http://www.example.com/(S(lit3py55t21z5v55vlm25s55))/ page.aspx

Where lit3py55t21z5v55vlm25s55 is a session ID.

其中lit3py55t21z5v55vlm25s55是会话ID。

You can learn more about ASP.NET's session state here

您可以了解更多关于ASP。净的会话状态

#2


24  

The session data is stored on the server, but it also stores an id string in a cookie to identify the user.

会话数据存储在服务器上,但它也在cookie中存储id字符串以标识用户。

If cookies are not supported, the id string can't be stored, and the server can't pair the session when the user makes another request.

如果不支持cookie,则不能存储id字符串,并且当用户发出另一个请求时,服务器不能对会话进行配对。

The session id is just a number generated by the server (either from a counter or randomly), so it doesn't contain any information from the data that you store in the session object.

会话id只是服务器生成的一个数字(从计数器或随机生成),因此它不包含您在会话对象中存储的数据的任何信息。

(The application can also be configured to put the session in the URL instead of in a cookie. This enables you to use sessions without cookies, but it ruins your nice URLs.)

(还可以将应用程序配置为将会话放在URL而不是cookie中。这使您可以使用没有cookie的会话,但它会破坏您的良好url。

#3


13  

Nowadays it can be both.

如今,这两者兼而有之。

Server Session

Server Side session already explained in the others posts. The session is stored on the server but it need a cookie to store an indicator of who is requesting the session value.

服务器端会话已经在其他帖子中解释过了。会话存储在服务器上,但它需要一个cookie来存储谁在请求会话值的指示器。

Client Session

The new concept of WebStorage defined by W3C shows how a client side session is nowasays needed. Here is the HTML5 implementation of a WebStorage: https://code.google.com/p/sessionstorage/

W3C定义的WebStorage的新概念显示了客户端会话现在是如何被需要的。以下是WebStorage的HTML5实现:https://code.google.com/p/sessionstorage/

#4


2  

This is a tricky question in some ways, as it is a bit of both.

在某些方面,这是一个棘手的问题,因为这两者兼而有之。

The session state, itself, is stored on the server. But, you need some type of indicator on the client to use it. Normally, this is a server cookie, which is very thin and is basically a GUID for the session and nothing more. But, you can set up sites to pass the session ID in the URI, so it need not be a cookie.

会话状态本身存储在服务器上。但是,您需要客户端上某种类型的指示器来使用它。通常,这是一个服务器cookie,非常瘦,基本上是会话的GUID,仅此而已。但是,您可以设置站点来在URI中传递会话ID,因此它不必是cookie。

Not sure how phones deal with the session cookie concept, but since I can log in, and do not see IDs in URIs, I assume there is a mechanism, even if it does not handle user cookies.

我不确定手机是如何处理会话cookie概念的,但是因为我可以登录,并且在uri中看不到id,所以我假设有一个机制,即使它不处理用户cookie。

#5


2  

Session id is by defauld stored as cookie. You can also configure your session to pass its id as a query parameter ("cookieless").

会话id由defauld存储为cookie。您还可以将会话配置为将其id作为查询参数传递(“无cookie”)。