Many people who write programs know that the session lives on the server side and the cookie lives on the client. Because the B/S (browser/server) model is stateless, both are used to store some of the client's login or encrypted information.
A session exists on the server side, so it occupies some server resources; when there are too many users, it inevitably affects the server's running speed and resources. A cookie exists on the client and consumes no server resources; when the user browses, the system reads the information in the cookie and matches it, which lowers security.
The expiration time of the session is short: the default is 20 minutes in ASP.NET, while a cookie's lifetime can be customized, from 1 minute to 1 day or 1 year.
Ways to deal with session expiration. You can set the session to expire later, but I didn't succeed in the experiment. Alternatively, you can store the session in SQL Server. I do not understand this: how the session is tied so closely to SQL Server. Searching the Internet for "refresh", I found that refreshing the page regularly keeps the session from expiring. Add a meta tag in the head:
<meta http-equiv="Refresh" content="600"/> This refreshes the page every 10 minutes (600 seconds).
A new problem arises. I use a form in which the user needs to enter information; if the page refreshes when the user has entered half of the information, the input is lost. Of course, this method is not suitable.
Cookies can be used if security requirements are not high.
Whenever an application uses Session or cookies, be sure to check whether the session or cookie is empty. If it is empty, redirect: prompt the user to log back in or re-enter the important information.
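The empty check described above, written as an ASP.NET Web Forms base page. This is an added example, not code from the original post; the class name `AuthenticatedPage`, the keys `"UserName"` and `"Prefs"`, and the `~/Login.aspx` path are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Added example. Pages that require a login inherit from this class
// instead of System.Web.UI.Page. All names below are hypothetical.
public class AuthenticatedPage : Page
{
    // Low-sensitivity display preference restored from a cookie.
    protected string Theme { get; private set; }

    protected override void OnLoad(EventArgs e)
    {
        // Identity comes only from the server-side session. A cookie value
        // is client-controlled and must never be trusted for this purpose.
        var userName = Session["UserName"] as string;
        if (string.IsNullOrEmpty(userName))
        {
            // Session is empty (expired, or the user never logged in):
            // stop processing this page and send the user to log in again.
            Response.Redirect("~/Login.aspx");
            return;
        }

        // The cookie may be missing or tampered with, so check for null
        // and accept only the values the application itself issues.
        HttpCookie prefs = Request.Cookies["Prefs"];
        Theme = (prefs != null && prefs.Value == "dark") ? "dark" : "light";

        base.OnLoad(e);
    }

    protected void SavePreference(string theme)
    {
        var cookie = new HttpCookie("Prefs", theme == "dark" ? "dark" : "light")
        {
            Expires = DateTime.Now.AddDays(1),  // lifetime chosen by the application
            HttpOnly = true,                     // not readable from page script
            Secure = Request.IsSecureConnection  // HTTPS-only when the site is served over HTTPS
        };
        Response.Cookies.Add(cookie);
    }
}
```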
ASP.NET Session and Cookie application