When building a website, one have to decide how to store the session info, when a user is logged in.
在构建网站时,必须决定在用户登录时如何存储会话信息。
What is a pros and cons of storing each session in its own file versus storing it in a database?
将每个会话存储在自己的文件中与将其存储在数据库中的优缺点是什么?
3 个解决方案
#1
2
I generally wouldnt ever store this information in a file - you run the risk of potentially swapping this file in and out of memory (yes it could be cached at times) but I would rather use an in memory mechanism designed as such and you are then using something that is fairly nonstandard. In ASP.Net
我通常不会将这些信息存储在一个文件中 - 你冒着可能将这个文件交换进内存的风险(是的,它有时可以缓存)但是我宁愿使用这样设计的内存机制然后你就是使用非常标准的东西。在ASP.Net中
-
you can use in in memory collection that is good for use on a single server. if you need multiple load balanced web servers (web farm) and a user could go to any other server as they come in for each request, this option is not good. If the web process restarts, the sessions are lost. They can also timeout.
您可以在内存集合中使用,它可以在单个服务器上使用。如果您需要多个负载均衡的Web服务器(Web场),并且用户可以在每个请求进入任何其他服务器时,此选项并不好。如果Web进程重新启动,则会话将丢失。他们也可以超时。
-
You can use a state server in asp.net for multiple server access - this runs outside of your webserver's process. If the web process restarts - you are OK and multiple servers access this. This traffic going to the state server is not encrypted and you would ideally use IPSEC policies to secure the traffic in a more secure environment.
您可以在asp.net中使用状态服务器进行多服务器访问 - 这在您的Web服务器进程之外运行。如果Web进程重新启动 - 您可以,并且多个服务器可以访问它。进入状态服务器的流量未加密,理想情况下,您可以使用IPSEC策略在更安全的环境中保护流量。
-
You can use sql server to manage state (automatically) by setting up the web.config to use sql server as your session database. This gives the advantage of a high performance database and multi server access.
您可以使用sql server来管理状态(自动),方法是设置web.config以使用sql server作为会话数据库。这提供了高性能数据库和多服务器访问的优势。
-
You can use your own sessions in a database if you need them to persist to a long time outside of the normal mechanism and want tighter control on the database fields (maybe you want to query specific fields)
您可以在数据库中使用自己的会话,如果您需要它们在常规机制之外持续很长时间并希望更严格地控制数据库字段(可能您想查询特定字段)
Also just out of curiosity - maybe you are referring to sessions as user preferences? In that case research asp.net profiles
也只是出于好奇 - 也许你将会话称为用户偏好?在那种情况下研究asp.net的个人资料
#2
1
Asp.net does not facilitate storing session in a file , i'm not sure about r-o-r though. However storing session in the memory( of the same process) is faster than having it in a db. Having it in a DB may give better scallability to your application ( in case you want to deploy your application in a web farm environment - all the servers has a common (db) to look for session).
Asp.net不利于在一个文件中存储会话,但我不确定r-o-r。但是,在内存中(同一进程)存储会话比在数据库中存储会话要快。将它放在数据库中可以为您的应用程序提供更好的可扩展性(如果您想在Web场环境中部署应用程序 - 所有服务器都有一个共同的(db)来查找会话)。
This code project article gives very good insight on asp.net session management.
这篇代码项目文章非常好地介绍了asp.net会话管理。
#3
1
I'm guessing, based on your previous questions, that this is being asked in the context of using perl's CGI::Application module, with CGI::Application::Plugin::Session. If you use that module with the default settings, it will write the session data into files stored in the /tmp directory - which is very similar to what PHP does. If your app is running in a shared hosting environment, you probably do NOT want to do this, for security reasons, since other users may be able to view/modify data in /tmp. You can fix this by writing the files into a directory that only you have permission to read/write (i.e., not /tmp). While developing, I much prefer to use YAML for serialization, rather than the default (storable), since it is human-readable. If you have your own web server, and you're able to run your database (mysql) server on the same machine, then storing the session data in a database instead of a file will usually yield higher performance - especially if you're able to maintain a persistent database connection (i.e. using mod_perl or fastcgi). BUT - if your database is on a remote host, and you have to open a new connection each time you need to update session data, then performance may actually be worse, and writing to a file may be better. Note that you can also use sqlite, which looks like a database to your app, but is really just a file on your local file system. Regardless of performance, the database option may be undesirable in shared-host environments because of bandwidth limitations, and other resource restrictions. The performance difference is also probably negligible for a low-traffic site (i.e., a few thousand hits per day).
我猜测,基于你之前的问题,这是在使用perl的CGI :: Application模块,CGI :: Application :: Plugin :: Session的上下文中提出的。如果您使用默认设置的模块,它会将会话数据写入存储在/ tmp目录中的文件 - 这与PHP的工作方式非常相似。如果您的应用程序在共享托管环境中运行,出于安全原因,您可能不希望这样做,因为其他用户可能能够查看/修改/ tmp中的数据。您可以通过将文件写入只有您具有读/写权限的目录(即,不是/ tmp)来解决此问题。在开发过程中,我更喜欢使用YAML进行序列化,而不是默认(可存储),因为它是人类可读的。如果您有自己的Web服务器,并且能够在同一台机器上运行数据库(mysql)服务器,那么将会话数据存储在数据库而不是文件中通常会产生更高的性能 - 特别是如果您能够维护持久的数据库连接(即使用mod_perl或fastcgi)。但是 - 如果您的数据库位于远程主机上,并且每次需要更新会话数据时都必须打开新连接,那么性能实际上可能会更糟,并且写入文件可能会更好。请注意,您也可以使用sqlite,它看起来像您的应用程序的数据库,但实际上只是本地文件系统上的文件。无论性能如何,由于带宽限制和其他资源限制,数据库选项在共享主机环境中可能是不合需要的。对于低流量站点(即每天几千次点击),性能差异也可以忽略不计。
#1
2
I generally wouldnt ever store this information in a file - you run the risk of potentially swapping this file in and out of memory (yes it could be cached at times) but I would rather use an in memory mechanism designed as such and you are then using something that is fairly nonstandard. In ASP.Net
我通常不会将这些信息存储在一个文件中 - 你冒着可能将这个文件交换进内存的风险(是的,它有时可以缓存)但是我宁愿使用这样设计的内存机制然后你就是使用非常标准的东西。在ASP.Net中
-
you can use in in memory collection that is good for use on a single server. if you need multiple load balanced web servers (web farm) and a user could go to any other server as they come in for each request, this option is not good. If the web process restarts, the sessions are lost. They can also timeout.
您可以在内存集合中使用,它可以在单个服务器上使用。如果您需要多个负载均衡的Web服务器(Web场),并且用户可以在每个请求进入任何其他服务器时,此选项并不好。如果Web进程重新启动,则会话将丢失。他们也可以超时。
-
You can use a state server in asp.net for multiple server access - this runs outside of your webserver's process. If the web process restarts - you are OK and multiple servers access this. This traffic going to the state server is not encrypted and you would ideally use IPSEC policies to secure the traffic in a more secure environment.
您可以在asp.net中使用状态服务器进行多服务器访问 - 这在您的Web服务器进程之外运行。如果Web进程重新启动 - 您可以,并且多个服务器可以访问它。进入状态服务器的流量未加密,理想情况下,您可以使用IPSEC策略在更安全的环境中保护流量。
-
You can use sql server to manage state (automatically) by setting up the web.config to use sql server as your session database. This gives the advantage of a high performance database and multi server access.
您可以使用sql server来管理状态(自动),方法是设置web.config以使用sql server作为会话数据库。这提供了高性能数据库和多服务器访问的优势。
-
You can use your own sessions in a database if you need them to persist to a long time outside of the normal mechanism and want tighter control on the database fields (maybe you want to query specific fields)
您可以在数据库中使用自己的会话,如果您需要它们在常规机制之外持续很长时间并希望更严格地控制数据库字段(可能您想查询特定字段)
Also just out of curiosity - maybe you are referring to sessions as user preferences? In that case research asp.net profiles
也只是出于好奇 - 也许你将会话称为用户偏好?在那种情况下研究asp.net的个人资料
#2
1
Asp.net does not facilitate storing session in a file , i'm not sure about r-o-r though. However storing session in the memory( of the same process) is faster than having it in a db. Having it in a DB may give better scallability to your application ( in case you want to deploy your application in a web farm environment - all the servers has a common (db) to look for session).
Asp.net不利于在一个文件中存储会话,但我不确定r-o-r。但是,在内存中(同一进程)存储会话比在数据库中存储会话要快。将它放在数据库中可以为您的应用程序提供更好的可扩展性(如果您想在Web场环境中部署应用程序 - 所有服务器都有一个共同的(db)来查找会话)。
This code project article gives very good insight on asp.net session management.
这篇代码项目文章非常好地介绍了asp.net会话管理。
#3
1
I'm guessing, based on your previous questions, that this is being asked in the context of using perl's CGI::Application module, with CGI::Application::Plugin::Session. If you use that module with the default settings, it will write the session data into files stored in the /tmp directory - which is very similar to what PHP does. If your app is running in a shared hosting environment, you probably do NOT want to do this, for security reasons, since other users may be able to view/modify data in /tmp. You can fix this by writing the files into a directory that only you have permission to read/write (i.e., not /tmp). While developing, I much prefer to use YAML for serialization, rather than the default (storable), since it is human-readable. If you have your own web server, and you're able to run your database (mysql) server on the same machine, then storing the session data in a database instead of a file will usually yield higher performance - especially if you're able to maintain a persistent database connection (i.e. using mod_perl or fastcgi). BUT - if your database is on a remote host, and you have to open a new connection each time you need to update session data, then performance may actually be worse, and writing to a file may be better. Note that you can also use sqlite, which looks like a database to your app, but is really just a file on your local file system. Regardless of performance, the database option may be undesirable in shared-host environments because of bandwidth limitations, and other resource restrictions. The performance difference is also probably negligible for a low-traffic site (i.e., a few thousand hits per day).
我猜测,基于你之前的问题,这是在使用perl的CGI :: Application模块,CGI :: Application :: Plugin :: Session的上下文中提出的。如果您使用默认设置的模块,它会将会话数据写入存储在/ tmp目录中的文件 - 这与PHP的工作方式非常相似。如果您的应用程序在共享托管环境中运行,出于安全原因,您可能不希望这样做,因为其他用户可能能够查看/修改/ tmp中的数据。您可以通过将文件写入只有您具有读/写权限的目录(即,不是/ tmp)来解决此问题。在开发过程中,我更喜欢使用YAML进行序列化,而不是默认(可存储),因为它是人类可读的。如果您有自己的Web服务器,并且能够在同一台机器上运行数据库(mysql)服务器,那么将会话数据存储在数据库而不是文件中通常会产生更高的性能 - 特别是如果您能够维护持久的数据库连接(即使用mod_perl或fastcgi)。但是 - 如果您的数据库位于远程主机上,并且每次需要更新会话数据时都必须打开新连接,那么性能实际上可能会更糟,并且写入文件可能会更好。请注意,您也可以使用sqlite,它看起来像您的应用程序的数据库,但实际上只是本地文件系统上的文件。无论性能如何,由于带宽限制和其他资源限制,数据库选项在共享主机环境中可能是不合需要的。对于低流量站点(即每天几千次点击),性能差异也可以忽略不计。