使用 ASP.NET 拆分和重新组合 Cookie 中的大字符串
我有一个大字符串想要保存在 cookie 中,但是我不知道每个 cookie 的最大字符串长度和最大 cookie 数量的最佳实践是什么。
我应该使用什么逻辑来拆分字符串,然后组合一组 cookie?
(Microsoft ADFS 或许还有 Siteminder 都采用这种技术,所以我对他们的实现感兴趣)
I have a large string that I want to save in a cookie, however I don't know what the best practices are for max string length per cookie, and max cookie count.
What logic should I use to split the string and later combine a set of cookies?
(Microsoft ADFS and perhaps Siteminder do this technique so I would be interested in what thier implementation is)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Cookie 是由浏览器处理的,因此每个浏览器都有不同的限制。
分割 cookie 只能起到临时作用,因为每个站点的 cookie 数据总量也有限制,而且还会增加每个页面上的数据传输开销
每个浏览器每个 cookie 的限制:
Internet Explorer 处理的最大 cookie 约为 3904 字节
Mozilla Firefox 处理最大大约 3136 字节的 cookie
当我在 Chrome 上进行一些测试时,chrome 内部崩溃并显示一个大 cookie,并且页面下方没有任何消息出现。
现在,Netscape 和 Microsoft 都已采取措施,根据 RFC 2109 限制 cookie 的数量,将 cookie 总数限制为 300 参考:http://www.cookiecentral.com/faq/#2.5
这样做的原因有很多,其中之一是黑客攻击,对一个网站进行成像,然后在 cookie 上上传完整视频:) 并用它填满您的硬盘...
我说最好的做法是在浏览器上保留一个小的cookie引用,并将其与服务器上的真实数据连接起来。从各方面来说越小越好。
如何对cookie进行测试,你可以编写这样的代码。
我的经验表明,当您尝试在 cookie 上使用不受控制的大数据时,会出现许多随机的不可预测的问题。我多次听到支持人员说:清除您的 cookie,然后重试:)
Cookies is something that handle by browsers, so each browser have different limits.
Split the cookie can help only temporary because there is also a limit to the total cookies data for each site, but also you add an overhead on the data transfer on each page
The limits for each browser per cookie:
Internet Explorer handle max cookie of about 3904 bytes
Mozilla Firefox handle max cookie of about 3136 bytes
When I make some tests on Chrome, the chrome crash inside with a large cookie, and no message appear nether the page.
Now both Netscape and Microsoft have measures in place that limit the number of cookies base on RFC 2109 limitations of total cookies count to 300 ref: http://www.cookiecentral.com/faq/#2.5
This is done for many reasons, one of them is the hacking, imaging a site that go and upload a full video on the cookies :) and full up your hard disk with it...
I say that the best practices is to keep a small cookie reference on the browser, and connect it with the real data on the server. The smaller the better from all aspects.
How to make your tests for the cookie, you can make a code like that.
My experience show many random unpredicted problems when you try to use uncontrolled large data on cookies. I have hear many times support say: Clear your cookies and try again :)