Summary of Session and cookie usage

Ext.: http://www.cnblogs.com/shuang121/archive/2011/03/02/1968768.html

Session and the Cookies Summary of Usage:

The session and the cookie are all built-in objects in ASP. As for what the difference is, here is not much to say, now say something more practical:

We know that the site has a background management system, which has login and exit two features, when logged in we tend to save the user's information to the session or cookie for later use, then we should pay attention to when logging on?

1, put some sensitive things into the session, the less sensitive things can exist in the session or cookie, such as user name is not too sensitive, but in some browsers do not support the use of cookies, so we will put it into the session, But the session sometimes in the server is easy to lose, so we can use together with the cookie, that is, when the session is lost, if the cookie is still within the validity period we set, we can again remove the value from the cookie into the session, So we'd better use session and cookie to save information such as user name

Or in the config file.

<sessionstate timeout= "2" mode= "StateServer"/>

To solve the problem of missing session can also

2, we hope that the background management in the case of how long no operation, let the session fail, re-login, you can use session.timeout=5, in minutes, indicating no other operation within 5 minutes, it is invalid, or in the configuration file configuration < sessionstate timeout= "5" mode= "InProc"/> can also

3. Setting of the cookie expiration date

Httpcookie.expires = DateTime.Now.AddMinutes (2);

The cookie is valid for 2 minutes

4, the page to determine whether there is permission to access the page, you can judge as follows:

if (request.cookies["HttpCookie"]! = NULL)

{

session["admin"] = request.cookies["HttpCookie"]. values["Admin"]. ToString ();

}

if (session["admin"] = = null)

{

This. Clientscript.registerstartupscript (this. GetType (), "", "<script>alert (' Please re-login '); location.href= ' logins.aspx ' </script>");

}

The following is a good way to say what to do when you exit.

1, exit the session and the value of the cookie should be emptied, now to briefly talk about the difference between the several methods of the session:

Session.clear (): Indicates that the key value of all sessions in the session is emptied, but session still exists, equal to Session.removeall ()

session["Admin"]=null: The value of the key will be set to empty, and released, and session["admin"]= "" not the same, it emptied, but the session does not release, equal to the session. Remove ("name");

Session.Abandon () is to delete the current session object, the next time is the new session.

The main difference is that when Session.Abandon is used, the Session_End method is called (in InProc mode). The Session_Start method is fired when the next request arrives. And Session.clear just clears all the data in the session and does not abort the

Session, and therefore does not invoke those methods, the Abandon method is used to actively end the session, and if the method is not called, the current session is automatically ended when the session times out.

2, below to see how to clear cookies

A, Tpcookie cookie = System.Web.HttpContext.Current.Request.Cookies.Get ("Tuser");

Cookies. Expires = DateTime.Now.AddDays (-1);

SYSTEM.WEB.HTTPCONTEXT.CURRENT.RESPONSE.COOKIES.ADD (cookie);

B, Tpcookie HttpCookie = request.cookies["HttpCookie"];

Httpcookie.expires = DateTime.Now.AddDays (-1);

RESPONSE.COOKIES.ADD (HttpCookie);

AB two methods are available

3, so the session clears the current value can be session["admin"]=null on it, the cookie in accordance with the above method can be cleared

Suggestions and comments:

1, in the exit when we can create a logout page to write time, so better

2, regardless of what operation, can use if to determine whether the case is empty, as far as possible to judge, to prevent the occurrence of null pointer anomalies

Summary of Session and cookie usage