The biggest difference between a session and a cookie in asp: The cookie information is stored on the client side, and the session simply stores an ID on the client as a token that is validated with the server, and the real data is placed in the memory of the server. In the traditional web programming language (such as ASP), the session of the ...
The biggest difference between a session and a cookie in asp: The cookie information is stored on the client side, and the session simply stores an ID on the client as a token that is validated with the server, and the real data is placed in the memory of the server.
In traditional Web programming languages (such as ASP), the expiration of the session is strictly handled according to timeout, the timeout value is 20 minutes by default, but the problem is: There are usually a lot of users just look at the Web page, and then close the browser to leave, in this case, Server-side memory also holds the session data for a long time, if the user is a lot of, it is a waste of resources. By default, the system uses the InProc mode, which is in-process mode. In this case, the session is stored in the memory of the ASP. NET worker process mapping, and the problem is that the ASP. NET worker process is often recycled by the system in order to maintain good average performance. We can configure automatic recycling in IIS (for example, by time-period recycling, or when memory usage is up to how many values are automatically recycled). When an ASP. NET worker process is recycled, its mapped memory is emptied and initialized so that other programs can be used, so the session disappears as well, which is the main reason why the sesssion disappears for nothing.
How is the session stored and extracted?
1. On the server side there is a session pool, used to store each user submits session data, session for each client (or browser instance) is a "hand", the first time the user to establish a connection with the Web server, The server distributes a sessionid as an identity to the user. SessionID is a random string of 24 characters. Each time the user submits the page, the browser will include this SessionID in the HTTP header to the Web server, so that the Web server can distinguish between the client on the current request page, and this sessionid is a cookie stored in the client's memory, If you want to get the data from the session pool, the server will give the corresponding data return based on the unique SessionID ID submitted by the client.
2. Enter the correct account password, click Login, the page will output "Admin---Click Login"
How is the data of each client in the session pool stored?
1. The data stored in the session pool is a global type of data that can be accessed across pages, with only the unique data stored in each SessionID, such as: First you set: session["UserName"]= "admin", Then you set: session["UserName"]= "123" If the session is not over yet, so the SessionID is not changed, but the data in the session pool is overwritten. At this point the value of session["UserName" is "123", not the other.
Data in a 2.Session pool cannot be accessed across processes. such as: Open login.aspx page Write session["userName"]= "admin"; then the login page does not close, that is, this session does not end, in this case you will open a Login.aspx page in another browser session[" UserName "]=null
3. Enter the account password, click the login page Output "Admin---Click Login", if you click to get the session button, then the page only output "Admin---Click Get Session", if the page does not close, open another browser, click the Get Session button , the page cannot be applied.
The declaration period and destruction of the session
1.session Storage Data timing is a scrolling timing method. Specifically, if you open the write session, from the beginning of writing, this page if there is no commit operation, the default time is 20 minutes, 20 minutes after the session is automatically destroyed by the server, if there is a commit operation, the server will be re-timed after the submission and so on, until the set time to destroy.
2. You can set the time for the session to be destroyed. The above code is mentioned.
Four, the session is stored in the data is on the server, and each user, such as login operation, the session data will be written, so it is recommended to use the session cautiously, is less use.
Five, code example:
Html:
123456789101112131415161718192021222324252627282930 |
<
head
runat
=
"server"
>
<
title
></
title
>
<
script
src
=
"Scripts/jquery-1.4.1.min.js"
type
=
"text/javascript"
></
script
>
<
script
type
=
"text/javascript"
>
function getSessionClick(action) { //这个函数是为了知道哪一个提交按钮被点击
$("#hidlgc").val(""); //清空隐藏值
$("#hidlgc").val(action); //给隐藏控件赋值
}
</
script
>
</
head
>
<
body
>
<
form
id
=
"form1"
method
=
"post"
action
=
"MySession.aspx"
>
<
table
>
<
tr
>
<
td
>账号:</
td
><
td
><
input
type
=
"text"
name
=
"txtUid"
/></
td
>`
</
tr
>
<
tr
>
<
td
>密码:</
td
><
td
><
input
type
=
"password"
name
=
"txtPwd"
/></
td
>
</
tr
>
<
tr
>
<
td
colspan
=
"2"
>
<
input
type
=
"hidden"
value
=
""
id
=
"hidlgc"
name
=
"hidlgclick"
/>
<
input
onclick
=
"getSessionClick(‘lgclick‘)"
type
=
"submit"
value
=
"登录"
/>
<
input
type
=
"submit"
onclick
=
"getSessionClick(‘getSession‘)"
value
=
"获取session"
/>
<
input
type
=
"submit"
onclick
=
"getSessionClick(‘backLg‘)"
value
=
"退出登录"
/>
</
td
>
</
tr
>
</
table
>
</
form
>
</
body
>
|
ASP. NET Background Processing code:
12345678910111213141516171819202122232425 |
protected
void
Page_Load(
object
sender, EventArgs e)
{
//把用户id写入session中
if
(Request.Form[
"hidlgclick"
] ==
"lgclick"
)
{
if
(Request.Form[
"txtUid"
].ToString()==
"admin"
&&Request.Form[
"txtUid"
].ToString()==
"admin"
)
//判断用户登录
{
Session[
"userName"
] = Request.Form[
"txtUid"
].ToString();
//把用户id保存到session中
Response.Write(Session[
"userName"
].ToString()+
"---点击登录"
);
//获取session,并写入页面
}
}
//获取Session
if
(Request.Form[
"hidlgclick"
] ==
"getSession"
)
{
if (Session[
"userName"
] !=
null
)
{
Response.Write(Session[
"userName"
].ToString() +
"---点击获取session"
);
//获取session,并写入页面
}
}
//取消当前会话,相当于注销(退出登录)。
if
(Request.Form[
"hidlgclick"
] ==
"backLg"
)
{
Session.Abandon();
}
}
|
Set the session Expiration time
12 |
<system.web> <sessionState timeout="40"></sessionState> <!---设置session的过期时间,时间以分钟为单位--> |
Aps.net Session Overview (life cycle, time-out)