asp.net会话和表单身份验证时间性能在服务器上命中?
[英]asp.net session and forms authentication time performance hit on server?
问题描述
So I was given the task to set the session time out to 24hr, doing some reading on the web i found out that i also need to set the forms authentication to that time frame so the user is not logged out. 
所以我被赋予了将会话时间设置为24小时的任务,在网上做了一些阅读我发现我还需要将表单身份验证设置为该时间范围,以便用户不会注销。 My question is , are there any drawbacks on the server side? 我的问题是,服务器端有任何缺点吗? Will it work harder/slower thanks to the fact that it has to keep all those sessions in check ? 由于它必须控制所有这些会话,它会更难/更慢地工作吗?
2 个解决方案
解决方案1
1 2013-10-17 17:38:38
Its actually a bit more complex than that. 它实际上比那复杂一点。 I can't remember which is which but they have different expiries. 我不记得哪个是哪个,但他们有不同的期限。 Session timeout resets with every request whereas the forms auth ticket only resets after at least half the time out has expired. 会话超时会随每个请求重置,而表单身份验证票证仅在至少一半的时间到期后重置。 So this needs to be double the size of the session timeout. 所以这需要是会话超时大小的两倍。
解决方案2
1 已采纳 2013-10-17 17:38:47
Will it work harder/slower thanks to the fact that it has to keep all those sessions in check ?
There is no performance improvement or slow down for Server except that user doesn't need to re-login and server doesn't need to authenticate the user again. 除了用户不需要重新登录而服务器不需要再次对用户进行身份验证之外,服务器没有性能改进或速度减慢。
Once user is logged-in, server checks authentication cookie whether is still valid on every post back (doesn't matter how long or how short you set the timeout) . 用户登录后,服务器会检查身份验证cookie是否在每次回发时仍然有效(无论您设置超时的时间长短或多短) 。
Normally, you want to set form authentication time out to be larger than session time out. 通常,您希望将表单身份验证超时设置为大于会话超时。
For example, 例如,
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
</authentication>
<sessionState timeout="1440"/>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.