Cookie, Session, and application in ASP. NET

I was asked about cookies and sessions yesterday. I answered some questions, but some did not. I checked some materials specially this morning. I will summarize some of the useful materials and share them with you.

First, let's talk about the basic knowledge of cookies and sessions.

Cookies are stored on the client. They store a small amount of information in plain text and are often used to save information such as user IDs. Common scenarios are to "remember me" during logon ". It is not recommended to store sensitive information.

Sessions are session-level and stored on the server. Each user is unique and can be used to store the context information of the current user session on the server, such as a shopping cart. It can be saved in the memory of the server, not across servers; it can be saved in the database.

The above are some sporadic knowledge points. In fact, there are a lot more, such as the sessionid in the cookie, the session can also be saved by the Status server, so that the session can be saved by a dedicated server. The content in the cookie is of the string type, and the content in the session is of the object type. After the content in the session is obtained, the type must be converted to the required type.

In ASP. NET, you can configure it in the web. config file.

 

 
 

  
  
<configuration> 
  
  
    <system.web> 
  
  
<sessionState mode="InProc"  
  
  
                    timeout="20"  
  
  
                    cookieless="true"  
  
  
                    stateConnectionString="tcpip=localhost:42424"  
  
  
                     sqlConnectionString="" 
  
  
                    /> 
  
  
     
  
  
    </system.web> 
  
  
 
  
  
</configuration> 
 
 

For the parameter information in the configuration section, you can view the storage of the ASP. NET Session Status in details, and find an article about Cookie, which is also detailed.

 

 

 

There are two problems.

1 after the client disables cookies, can the session still be used?

2. How to transmit cookies on the client and server.

 

Answer.

1 after the client disables cookies, can the session still be used?

After the cookie is disabled, you can also use the session.

The Session status is stored in two places: client and server. The client saves the SessionID and Session information on the server. The SessionID of the client is saved in the Cookie. If the browser disables the cookie, the session will not be used.

In fact, sessionid can also be transmitted through url or through form, which can be customized.

In ASP. NET, session can be stored in two ways: cookie and cookieless. That is to say, you can also use session to disable cookies. After cookieless = true, you can choose to store the session in the status service or SQL Server. For details, refer to the final references.

 

2. How to transmit cookies on the client and server.

Cookies are transmitted on the client and server through the request and response headers.

Sending a cookie from the client to the server means that there is a cookie in the request header, which is the transmitted content.

When a cookie is transmitted from the server to the client, there is a set-cookie in the response header, which is the content of the cookie set through the background code.

This can be viewed using many packet capture tools, such as fiddler, httpwatch, and firebug.

References

1. ASP. NET Session state storage

2. Elaborate on cookies

3. Use the cookie's path correctly

This article is from the "breakthrough IT architects" blog, please be sure to keep this source http://virusswb.blog.51cto.com/115214/998456