Session.Abandon() 和 Session.Clear() 有什么区别
销毁会话和删除其值有什么区别?您能提供一个例子来证明这一点吗?
我搜索了这个问题,但没有掌握完整的答案。一些答案是:
Session.Abandon()销毁会话Session.Clear()只是删除所有值
一位朋友告诉我:
清除会话不会重置 会话,它仍然存在 用户的 ID 相同,但带有 值被简单地清除。
放弃将破坏会话 完全,这意味着你需要 在此之前开始新的会话 在会话中存储更多值 对于该用户。
下面的代码可以工作并且不会抛出任何异常。
Session.Abandon();
Session["tempKey1"] = "tempValue1";
当您 Abandon() 会话时,您(或 相反,用户)将得到一个新的 会话ID
当我测试会话时,当我放弃会话时它不会进行任何更改。
我只发现一处不同: session.Abandon() 引发 Session_End 事件
What is the difference between destroying a session and removing its values? Can you please provide an example demonstrating this?
I searched for this question, but don't grasp total answer. Some answers are:
Session.Abandon()destroys the sessionSession.Clear()just removes all values
A friend told me this:
Clearing the session will not unset
the session, it still exists with the
same ID for the user but with the
values simply cleared.Abandon will destroy the session
completely, meaning that you need to
begin a new session before you can
store any more values in the session
for that user.
The below code works and doesn't throw any exceptions.
Session.Abandon();
Session["tempKey1"] = "tempValue1";
When you Abandon() a Session, you (or
rather the user) will get a new
SessionId
When I test Session, it doesn't makes any change when I Abandon the session.
I just find one difference:session.Abandon() raises Session_End event
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(10)
清除 - 删除所有键和值来自会话状态集合。
放弃 - 删除会话中存储的所有对象。如果不显式调用 Abandon 方法,服务器会在会话超时时删除这些对象并销毁会话。
它还会引发 Session_End 等事件。
Session.Clear 可以比作从书架上删除所有书籍,而 Session.Abandon 则更像扔掉整个书架。
你说:
当您仅在一个请求内执行此操作时,这是正确的。
在下一次请求时,会话将有所不同。但会话 ID 可以重复使用,以便 ID 保持不变。
如果您将使用 Session.Clear,您将在许多请求中拥有相同的会话。
一般来说,大多数情况下你需要使用Session.Clear。
如果您确定用户将离开您的站点,则可以使用 Session.Abandon。
那么回到差异:
Clear - Removes all keys and values from the session-state collection.
Abandon - removes all the objects stored in a Session. If you do not call the Abandon method explicitly, the server removes these objects and destroys the session when the session times out.
It also raises events like Session_End.
Session.Clear can be compared to removing all books from the shelf, while Session.Abandon is more like throwing away the whole shelf.
You say:
This is correct while you are doing it within one request only.
On the next request the session will be different. But the session ID can be reused so that the id will remain the same.
If you will use Session.Clear you will have the same session in many requests.
Generally, in most cases you need to use Session.Clear.
You can use Session.Abandon if you are sure the user is going to leave your site.
So back to the differences:
当您
Abandon()会话时,您(或者更确切地说用户)将获得一个新的 SessionId(在下一个请求时)。当您
Clear()会话时,所有存储的值都会被删除,但 SessionId 保持不变。When you
Abandon()a Session, you (or rather the user) will get a new SessionId (on the next request).When you
Clear()a Session, all stored values are removed, but the SessionId stays intact.上面的各种回复有点涵盖了这一点,但是当我第一次阅读这篇文章时,我错过了一个重要的事实,这导致了我的代码中的一个小错误......
Session.Clear ()将清除所有键的值,但不会导致触发会话结束事件。Session.Abandon()不会清除当前请求的值。如果请求另一页,则该页的值将消失。然而,放弃将会引发该事件。因此,就我而言(也许在你的情况下?),我需要
Clear(),然后是Abandon()。This is sort of covered by the various responses above, but the first time I read this article I missed an important fact, which led to a minor bug in my code...
Session.Clear()will CLEAR the values of all the keys but will NOT cause the session end event to fire.Session.Abandon()will NOT clear the values on the current request. IF another page is requested, the values will be gone for that one. However, abandon WILL throw the event.So, in my case (and perhaps in yours?), I needed
Clear()followed byAbandon().这是因为当调用 Abandon 方法时,当前 Session 对象会排队等待删除,但直到处理完当前页面上的所有脚本命令后才真正删除。这意味着您可以在调用 Abandon 方法的同一页面上访问存储在 Session 对象中的变量,但不能在任何后续网页中访问。
例如,在以下脚本中,第三行打印值 Mary。这是因为在服务器处理完脚本之前,Session 对象不会被销毁。
如果您在后续网页上访问变量 MyName,则该变量为空。这是因为当包含前面示例的页面完成处理时,MyName 与前面的 Session 对象一起被销毁。
来自 MSDN Session.Abandon
It's because when the Abandon method is called, the current Session object is queued for deletion but is not actually deleted until all of the script commands on the current page have been processed. This means that you can access variables stored in the Session object on the same page as the call to the Abandon method but not in any subsequent Web pages.
For example, in the following script, the third line prints the value Mary. This is because the Session object is not destroyed until the server has finished processing the script.
If you access the variable MyName on a subsequent Web page, it is empty. This is because MyName was destroyed with the previous Session object when the page containing the previous example finished processing.
from MSDN Session.Abandon
将破坏/终止整个会话。
删除/清除会话数据(即当前会话中的键和值),但会话将处于活动状态。
与Session.Abandon()方法相比,Session.Clear()不会创建新的会话,它只是将会话中的所有变量设置为NULL。
只要浏览器未关闭,这两种情况下的会话 ID 将保持不变。
它从会话状态集合中删除所有键和值。
它从会话状态集合中删除一个项目。
它从会话状态集合中删除指定索引处的项目。
此属性指定分配给应用程序的 Session 对象的超时期限。 (时间将以分钟为单位指定)。
如果用户在超时时间内没有刷新或请求页面,则会话结束。
will destroy/kill the entire session.
removes/clears the session data (i.e. the keys and values from the current session) but the session will be alive.
Compare to Session.Abandon() method, Session.Clear() doesn't create the new session, it just make all variables in the session to NULL.
Session ID will remain same in both the cases, as long as the browser is not closed.
It removes all keys and values from the session-state collection.
It deletes an item from the session-state collection.
It deletes an item at a specified index from the session-state collection.
This property specifies the time-out period assigned to the Session object for the application. (the time will be specified in minutes).
If the user does not refresh or request a page within the time-out period, then the session ends.
清除会话会删除存储在其中的值,但您仍然可以在其中添加新值。销毁会话后,您无法在其中添加新值。
Clearing a session removes the values that were stored there, but you still can add new ones there. After destroying the session you cannot add new values there.
清除-从会话状态集合中删除键或值。
放弃-从会话中删除或删除会话对象。
clear-its remove key or values from session state collection..
abandon-its remove or deleted session objects from session..
sessionid 的存在可能会导致会话固定攻击,这是 PCI 合规性的要点之一。要删除 sessionid 并克服会话固定攻击,请阅读此解决方案 - 如何避免 ASP.NET 中的会话固定漏洞?。
Existence of sessionid can cause the session fixation attack that is one of the point in PCI compliance. To remove the sessionid and overcome the session fixation attack, read this solution - How to avoid the Session fixation vulnerability in ASP.NET?.
我认为使用 Session.Clear() 比使用 Session.Abandon() 更方便。
因为稍后调用后这些值仍然存在于会话中,但在调用前者后已被删除。
I think it would be handy to use
Session.Clear()rather than usingSession.Abandon().Because the values still exist in session after calling later but are removed after calling the former.
这里需要注意的一件事是,Session.Clear 会立即删除项目,但 Session.Abandon 会将会话标记为在当前请求结束时放弃。这仅仅意味着假设您在执行 session.abandon 命令后尝试访问代码中的值,它仍然存在。因此,如果您的代码在发出 session.abandon 命令并立即对会话执行一些逻辑后仍无法正常工作,请不要感到困惑。
One thing to note here that Session.Clear remove items immediately but Session.Abandon marks the session to be abandoned at the end of the current request. That simply means that suppose you tried to access value in code just after the session.abandon command was executed, it will be still there. So do not get confused if your code is just not working even after issuing session.abandon command and immediately doing some logic with the session.