简体繁体 English

在会话中存储用户信息？

[英]Store user information in session?

原文 2009-08-05 12:42:48 1 6 c#/ asp.net-mvc/ database/ session

Should you store info about the user required for each request eg. 您是否应该存储有关每个请求所需用户的信息，例如： Role, email, username etc. 角色，电子邮件，用户名等

in Session, or is ok to goto the database each request for this information?? 在Session中，还是可以转发数据库每个请求这个信息？

Thanks 谢谢

6 个解决方案

If you're not planning on load balancing, then session state is perfectly acceptable. 如果您没有计划负载平衡，那么会话状态是完全可以接受的。 Be careful if the session state is configured to use database persistence though, because then you'll not only be hitting the database, but incurring an overhead of serialisation of the objects. 如果会话状态配置为使用数据库持久性，请小心，因为这样您不仅会访问数据库，还会产生对象序列化的开销。

If it's user-specific data, then a distributed hashtable cache system might work. 如果它是用户特定的数据，那么分布式哈希表缓存系统可能会起作用。 Things like Memcached are good for this, because they are in-memory caches (performance) but are distributed across multiple servers (load balancing) so you get the best of both worlds. 像Memcached这样的东西对此有好处，因为它们是内存缓存（性能），但是分布在多个服务器上（负载平衡），因此您可以充分利用这两个世界。

Of course, if it's data that changes regularly, particularly if you other systems that might modify the database without the web app knowing, then going back to the database might be the only option. 当然，如果它的数据定期更改，特别是如果您的其他系统可能在没有Web应用程序知道的情况下修改数据库，那么返回数据库可能是唯一的选择。

I prefer to use an encrypted cookie for this. 我更喜欢使用加密的cookie。 The db calls can get expensive in large, busy systems. 在繁忙的大型系统中，db调用可能会变得昂贵。 Session is fine, but if your session backend is database powered, that can get expensive too. 会话很好，但如果您的会话后端是数据库驱动的，那也会变得昂贵。 Obviously, when using cookies, you have to incorporate an authentication token check. 显然，使用cookie时，必须包含身份验证令牌检查。

That depends on what you mean by "Should". 这取决于你所说的“应该”。 I've worked on a few apps that used the session for caching user information. 我曾经使用过几个使用会话来缓存用户信息的应用程序。 The approach worked well and reduced the amount of database round trips required for each web request. 该方法运行良好，减少了每个Web请求所需的数据库往返次数。

On the other hand, it does introduce state to your web servers so you either have to stick to one web server, use "sicky sessions" (which can make managing web servers a bit more complicated) or start storing session information in a shared data store (which wipes out any performance gain you might have had from using it in the first place). 另一方面，它确实向您的Web服务器引入了状态，因此您必须坚持使用一个Web服务器，使用“病态会话”（这会使管理Web服务器更复杂）或者开始将会话信息存储在共享数据中商店（它消除了您在使用它时可能获得的任何性能提升）。

Session data can be stored in the database as well, which is usefull if your site is running in a Web Garden og Farm. 会话数据也可以存储在数据库中，如果您的站点在Web Garden og Farm中运行，这将非常有用。 If the session is running InProc, the user data will be saved in memory, which is of much cause faster, but at the cost of scalability. 如果会话正在运行InProc，则用户数据将保存在内存中，这会导致更快，但代价是可伸缩性。

Another common way would be to save it as ViewState, then it is sent back and fourth between the client and server with every postback, which of course causes a bandwidth hit, but scales much better that the InProc session. 另一种常见的方法是将其保存为ViewState，然后在每次回发时将其发送回客户端和服务器之间，这当然会导致带宽受限，但比InProc会话要好得多。

Personally I like session state better, if the site is small I run it InProc, and if/when the site grows I can change it to use a Database instead. 我个人更喜欢会话状态，如果网站很小我运行它InProc，如果/当网站增长，我可以改为使用数据库。

I keep the userid in Session and I keep the active user records in Cache for many of my applications, but then again I tend to keep the contents of all of my dropdown lists in Cache, and I have to present a dropdown of users every now and then. 我将用户ID保留在Session中，并且我将许多应用程序中的活动用户记录保存在Cache中，但是我再次将所有下拉列表的内容保留在Cache中，并且我必须每次都提供一个用户下拉列表接着。

I've had a number of people exclaim "OMG you keep that in Cache!?!?" 我有很多人惊呼“OMG你把它保存在Cache！？！？” but actually, it works great. 但实际上，它很有效。 Better that I have exactly one copy of the user list in Cache than one copy per application instance (100 concurrent users means potentially 100 copies of the user list in memory). 更好的是，我在Cache中只有一个用户列表副本，而不是每个应用程序实例一个副本（100个并发用户意味着内存中可能有100个用户列表副本）。 In general I put anything that doesn't change frequently in Cache, and force it out of Cache if it does change, so it will reload on next access. 一般情况下，我在Cache中放置任何不经常更改的内容，如果它确实发生更改，则将其强制退出Cache，因此它将在下次访问时重新加载。

It depends on your site/app. 这取决于您的网站/应用程序。 The general rules are something like this: 一般规则是这样的：

Saving in the session works well if the number of simultaneous users is fairly low and the the data is relatively small. 如果同时用户数量相当少且数据相对较小，则会话中的保存效果很好。

Saving in a cookie works well if the number of simultaneous users is high and the size of the data is relatively low. 如果同时用户数量很高且数据大小相对较低，则保存在cookie中效果很好。 Obviously cookies are publicly viewable so if it is sensitive such as email then it should be encrypted. 显然，cookie是公开可见的，因此如果它是敏感的，如电子邮件，则应加密。

Saving in the database works well if the size of the data is large. 如果数据大小很大， 保存在数据库中效果很好。

Note. 注意。 As others have said if your using a web farm then I would forget about saving in the session. 正如其他人所说，如果你使用网络农场，那么我会忘记保存在会话中。

Martin Fowler has a good description of the options in 'Patterns of Enterprise Application Architecture' but I'm not sure if he has stuff online. Martin Fowler对“企业应用程序架构模式”中的选项有很好的描述，但我不确定他是否有在线内容。

If the site/app requires authentication then .Net has good built in functionality for storing user roles and unique user names. 如果站点/应用程序需要身份验证，则.Net具有良好的内置功能，用于存储用户角色和唯一用户名。 If you save this during the authentication then these values can be accessed through User.IsInRole() and User.Identity.Name. 如果在身份验证期间保存此值，则可以通过User.IsInRole（）和User.Identity.Name访问这些值。

Is storing in the session causing you performance problems? 存储在会话中会导致性能问题吗？ If the size of your data is relatively small such as email then I would go with using the session or cookies and avoid the database. 如果您的数据大小相对较小，如电子邮件，那么我会使用会话或cookie并避免使用数据库。 Run performance tests and see what performs best for you. 运行性能测试，看看哪种方式最适合您。