
asp.net mvc - What is the difference between storing data in a session or the httpcontext object

Question:

I'm building an MVC3 application that needs to store secure user information such as userid, username, phone, and email. In my research I see people using the httpcontext object as well as storing user objects in session state.

Session["User"] = user;

The previous data being stored in the user object. I'm wondering what the difference between Session[""] and the HttpContext object is, and if either of these methods is a secure way to store this data.

Thanks for your thoughts!

Answer:

HttpContext.Current.Items is a per-request store. It is not accessible to other users.

Session is a per-user store. It has a bad air surrounding it with performance, as the session is locked per that user's session ID for each request, so overlapping requests can have performance issues in waiting for the object to become available.

Both are not available to other users unless, in the case of session, someone steals (sniffs on the network) the session ID and hijacks that session. Even then the data isn't accessible unless you have a trace page, but keep in mind then the evil user may be able to surf pages as a different user if able to steal that and the forms auth token (as just one example).
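
The answer names three exposures: a session ID sniffed off the network, a stolen forms auth token, and a reachable trace page. The Web.config fragment below is an added example, not part of the original question or answer, showing the settings that address each one; the login URL and timeout values are assumptions, and the site is assumed to be served over HTTPS.

```xml
<configuration>
  <system.web>
    <!-- Weak setting (cookies readable by script and sent over plain HTTP):
         <httpCookies httpOnlyCookies="false" requireSSL="false" />
         Hardened: mark every cookie, including ASP.NET_SessionId,
         as HttpOnly and Secure so it is not sent in clear text. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <!-- Keep the session ID in a cookie; never place it in the URL,
         where it leaks through logs, referrers and shared links. -->
    <sessionState mode="InProc" cookieless="UseCookies" timeout="20" />

    <!-- The forms auth ticket is the second token the answer mentions.
         requireSSL keeps it off plain HTTP; protection="All" encrypts
         and validates the ticket. loginUrl is an assumed path. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn"
             requireSSL="true"
             cookieless="UseCookies"
             protection="All"
             slidingExpiration="true"
             timeout="20" />
    </authentication>

    <!-- trace.axd lists session state contents for recent requests;
         keep tracing off in production. -->
    <trace enabled="false" localOnly="true" />
  </system.web>
</configuration>
```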
