Difference between session and cookies

SessionAndCookieSummary:

Session and cookie are all built-in objects in ASP. NET. As for their differences, I will not talk about them here. Now I will talk about some useful things:

We know that all websites have a background management system, which has two functions: logon and logout. During logon, we often save user information to session or cookie for later use, so what should we pay attention to when logging on?

1. Store some sensitive things in the session. The less sensitive things can be stored in the session or cookie. For example, the user name is not sensitive, but some Browsers Do not support cookie usage, so we will save it to the session, but sometimes the session is easy to lose in the server, so we can use it together with the cookie, that is, when the session is lost, if the cookie is still within our set validity period, we can retrieve the value from the cookie and put it into the session. Therefore, we 'd better use the session and cookie to save the user name and other information at the same time.

Or in the configuration file

<Sessionstate timeout = "2" mode = "StateServer"/>

To solve the problem of session loss.

2. We hope that the background management will invalidate the session and log on again without any operation. We can use the session. timeout = 5, in minutes, indicates that no other operation is performed within 5 minutes, alternatively, you can configure <sessionstate timeout = "5" mode = "inproc"/> in the configuration file.

3. Set cookie Validity Period

Httpcookie. expires = datetime. Now. addminutes (2 );

The cookie is valid for 2 minutes.

4. When determining whether the webpage has the permission to access the webpage, you can perform the following judgment:

If (request. Cookies ["httpcookie"]! = NULL)

{

Session ["admin"] = request. Cookies ["httpcookie"]. Values ["admin"]. tostring ();

}

If (session ["admin"] = NULL)

{

This. clientscript. registerstartupscript (this. getType (), "", "<SCRIPT> alert ('Please repeat the records'); location. href = 'logins. aspx '</SCRIPT> ");

}

Next, let's talk about how to do better when you exit.

1. When you exit, the session and cookie values must be cleared. Here are some differences between the session methods:

Session. Clear (): indicates that all session key values are cleared, but the session still exists, which is equal to session. removeall ()

Session ["admin"] = NULL: clears and releases the specified key value, which is different from session ["admin"] =, but the session is not released, which is the same as the session. remove ("name ");

Session. Abandon () is to delete the current session object, and the next session is the new session.

 

The main difference is that when session. Abandon is used, the session_end method is called (in inproc mode ). The session_start method is triggered when the next request arrives. Session. Clear only clears all data in the session and does not stop

The abandon method is used to actively end the session. If this method is not called, the current session is automatically ended when the session times out.

2. Let's see how to clear cookies.

A. tpcookie cookie = system. Web. httpcontext. Current. Request. Cookies. Get ("Tuser ");

Cookie. expires = datetime. Now. adddays (-1 );

System. Web. httpcontext. Current. response. Cookies. Add (cookie );

 

B. tpcookie httpcookie = request. Cookies ["httpcookie"];

Httpcookie. expires = datetime. Now. adddays (-1 );

Response. Cookies. Add (httpcookie );

Both methods of AB can be used.

3. Clear the current value of the session, that is, the session ["admin"] = NULL. Clear the cookie as described above.

 

 

Suggestions and comments:

1. When exiting, we can create a logout page to write time, which is better

2. When performing any operation, you can use if to determine whether it is null or not, so as to avoid NULL pointer exceptions.