为什么使用post来保持会话活着?
[英]Why use post to keep session alive?
问题描述
I'm developing a web application with C# MVC and using Session to persist data between multiple requests. 
我正在使用C#MVC开发一个Web应用程序,并使用Session在多个请求之间保存数据。
Sometimes the session timed out so I looked for way to keep it alive and found some solutions here in stackoverflow. 有时候会话超时,所以我找到了保持活着的方法,并在stackoverflow中找到了一些解决方案。 Being reluctant to simply copy-paste code into my project I attempted to rewrite the code to fit my needs and understand it better. 我不愿意简单地将代码复制粘贴到我的项目中,而是试图重写代码以满足我的需求并更好地理解它。
At first I attempted to keep the session alive using the following code: 起初我尝试使用以下代码使会话保持活动状态:
JS + jQuery - client side: JS + jQuery - 客户端:
function keepAliveFunc(){
setTimeout("keepAlive()", 300000);
};
function keepAlive() {
$.get("/Account/KeepAlive", null, function () { keepAliveFunc(); });
};
$(keepAliveFunc());
C# - server side: C# - 服务器端:
[HttpGet]
public bool KeepAlive()
{
return true;
}
This however did not seem to keep my session alive, it expired normally. 然而,这似乎并没有保持我的会话活着,它正常到期。 After a while of fiddling around I changed the code to: 经过一段时间的摆弄,我将代码更改为:
JS + jQuery - client side: JS + jQuery - 客户端:
function keepAliveFunc(){
setTimeout("keepAlive()", 10000);
};
function keepAlive() {
$.post("/Account/KeepAlive", null, function () { keepAliveFunc(); });
};
$(keepAliveFunc());
C# - server side: C# - 服务器端:
[HttpPost]
public JsonResult KeepAlive()
{
return new JsonResult { Data = "Success" };
}
The latter worked well which has me conclude, with some uncertainty, that the Session is kept alive because of the POST request instead of the GET. 后者运行良好,我得出结论,有一些不确定性,由于POST请求而不是GET,Session保持活跃。 Which raises the question: Why do I need to use POST when trying to keep my Session alive? 这提出了一个问题:为什么在尝试保持Session的活动时需要使用POST? What's the difference? 有什么不同? Am I making some other mistake which I do not comprehend? 我是否犯了其他一些我不理解的错误?
I've looked for answers but I cannot seem to find any on this matter, merely solutions without much explanation. 我找到了答案,但我似乎无法找到任何关于这个问题,只是没有太多解释的解决方案。 Reading up on Session on MSDN also didn't help me much. 阅读MSDN上的Session也对我没什么帮助。 This makes me conclude that there are some "words" related to Session and this perticular problem that I haven't encountered yet which makes me unable to google effectively. 这让我得出结论,有一些与Session相关的“单词”和我尚未遇到的这个问题,这使得我无法有效地进行谷歌搜索。
1 个解决方案
解决方案1
4 已采纳 2016-02-16 11:27:06
With either GET or POST, the browser does send the SessionId cookie with the request. 无论是GET还是POST,浏览器都会发送带有请求的SessionId cookie。 So for keep-alive purposes it doesn't matter which one you use. 因此,为了保持活力,使用哪一个并不重要。 Most likely you are seeing the difference in behavior because of the different interval you and "pinging" the server. 很可能你会看到行为上的差异,因为你和服务器“ping”的间隔不同。
With the GET request you did it at an interval of 300000 ms, while with the POST request you did it at an interval of 10000 ms. 使用GET请求时,您以300000 ms的间隔执行此操作,而使用POST请求则以10000 ms的间隔执行此操作。
Most likely, your server's session lifespan is somewhere between the two values. 最有可能的是,服务器的会话寿命介于两个值之间。 You could, however, configure the session lifespan to fit your needs (as in increasing it), but keep in mind that expiring sessions is a security feature so try to find a small value that is big enough to let your application work ok, but still allow the session to expire in a safe interval of time. 但是,您可以配置会话生命周期以满足您的需求(如增加它),但请记住,到期会话是一个安全功能,因此请尝试找到一个足够大的小值,以使您的应用程序正常工作,但仍然允许会话在安全的时间间隔内到期。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.