. Net FormsAuthenticationTicket session and cookies verify the usage of user information

FormsAuthenticationTicket session and cookies are three common methods for user login verification. The differences are as follows: 1) FormsAuthenticationTicket is. The authentication mechanism inherent in net framework2.0 and later versions, in essence, stores users' cookies in the client, which can partially reduce the memory consumption on the server, the user information does not need to be stored in the server memory as the session, and its data security is Microsoft to ensure, for detailed usage, please refer to the msdn official documentation: http://msdn.microsoft.com/zh-cn/library/system.web.security.formsauthenticationticket_members (v = vs.80 ). aspx. 2) The session uses session to store user information. It is easy to issue. You can add a session object to any location containing the http context and assign the object to the session because the session is of the object type, can be assigned a value by any object. In essence, a session is opened in the server memory to store the session value, and a cookie flag is left in the client browser, this is an id of the session on the server. It is not the specific content of the session object. This is relatively secure compared with data security, but it is only relative. This will consume memory on the server, but the impact should not be very big, unless your website has a large number of online users at the same time. However, the session mechanism still has some defects. Due to the process recycle mechanism in iis, sessions will be lost when the system is busy, and Session will be lost when IIS is restarted. In this way, the user needs to log on again or re-add the information such as the shopping cart and verification code to the Session. Therefore, Microsoft recommends using FormsAuthenticationTicket to verify user login. 3) cookies are indirectly used in both of the preceding methods. When using cookies to verify user identity, remember to encrypt them unless you set the cookie expiration time, otherwise, it will be easily exploited by hackers, causing unnecessary user information leakage. However, there is a limit on the size of data stored in cookies. The average value is no more than 4 kb. Some browsers support a relatively high level of data, but only some Browsers Do. We can only take the minimum value. The above is just my own comments. I hope you will give us some advice and make progress together by 650.) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131228/162IK044-0.gif "width =" 19 "height =" 19 "/>

This article is from the "fish to try" blog and will not be reposted!