如何使用共享服务器保持会话活动? ASP.NET/MVC
目前,我的 Web 应用程序托管在具有以下配置 (web.config) 的共享服务器 (asphostcentral) 中:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies">
一段时间后,会话过期,用户将被重定向到登录页面并被迫再次输入其凭据。
我从支持部门得到的答案是:
由于这是共享服务器,建议您不要使用会话状态。 相反,请使用 cookie。编写 cookie 的方式非常非常 与session类似,只是实现方式不同。
在共享服务器上,服务器上可能还有其他站点 影响您的网站会话。
有人可以帮忙吗?您如何实施支持团队提供的解决方案?
Currently my web application is hosted in a shared server (asphostcentral) with the following configuration (web.config):
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies">
After some time, the session expires, the users are redirected to login page and forced to enter their credentials again.
The answer I received from support is:
As this is a shared server, you are advised not to use session state.
Instead, please use cookie. The way you program cookie is very, very
similar to session, except, the implementation is different.On a shared server, there are other sites on the server that may
impact your site sessions.
can anyone assist on this? do you how to implement the solution provided by support team?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在解决方案中使用会话状态,因此 Ctrl+F 并从代码中删除所有
Session痕迹。如果您需要为用户存储一些信息并且此信息是敏感信息,您可以将其存储到数据库中并稍后查询,或者使用身份验证 cookie 的 userData 部分。这完全取决于您当前如何使用该会话。So Ctrl+F in your solution and remove all traces of
Sessionfrom your code. If you need to store some information for the user and this information is sensitive you could either store it into the database and query it later or use the userData portion of the authentication cookie. It will all depend how are you currently using the session.使用 cookie 代替会话是危险的建议。请不要按字面意思理解。 Cookie 可以被客户端读取和伪造,并且有大小限制。
您可以:
我按顺序推荐这三种解决方案。
Using a cookie instead of the session is dangerous advice. Please do not take it literally. Cookies can be read and forged by clients and have a size limit.
You can:
I recommend, in order, these three solutions.