通过静态对象的静态属性访问asp.net会话变量是否安全?
[英]Is it safe to access asp.net session variables through static properties of a static object?
问题描述
Is it safe to access asp.net session variables through static properties of a static object? 
通过静态对象的静态属性访问asp.net会话变量是否安全?
Here is what I mean: 这就是我的意思:
public static class SessionHelper
{
public static int Age
{
get
{
return (int)HttpContext.Current.Session["Age"];
}
set
{
HttpContext.Current.Session["Age"] = value;
}
}
public static string Name
{
get
{
return (string)HttpContext.Current.Session["Name"];
}
set
{
HttpContext.Current.Session["Name"] = value;
}
}
}
Is it possible that userA could access userB's session data this way? userA是否可以通过这种方式访问userB的会话数据?
3 个解决方案
解决方案1
30 已采纳 2010-05-10 16:12:13
Yes, that way is fine - just make sure you don't do this: 是的,这种方式很好 - 只要确保你不这样做:
public static class SessionHelper
{
private static HttpSession sess = HttpContext.Current.Session;
public static int Age
{
get
{
return (int)sess["Age"];
}
set
{
sess["Age"] = value;
}
}
}
As ive seen this way show one user's session data to another user. 正如我所见,这种方式向另一个用户显示一个用户的会话数据。 (Albeit in ASP.NET 1.1) (尽管在ASP.NET 1.1中)
解决方案2
8 2010-05-10 16:45:59
IMHO, this is actually a good approach. 恕我直言,这实际上是一个很好的方法。 It is type safe, add that level abstraction that could allow you to change things with minimal impact. 它是类型安全的,添加可以让您以最小的影响更改事物的级别抽象。
An example of something you might change, if you decided some state should move to the cache or even the database combined with caching, these would require additional thread synchronization, but could all be handled by the internals of this class. 您可能会更改某些内容的示例,如果您确定某个状态应该移动到缓存,甚至数据库与缓存相结合,这些都需要额外的线程同步,但都可以由此类的内部处理。 You might consider changing name of the class to something less session specific. 您可以考虑将类的名称更改为特定于会话的内容。
The one comment I would have on your particular example is that you should check that the Session variable is not null and either return an appropriate default, assert or raise an informative exception if it is. 我对您的特定示例的一个注释是,您应该检查Session变量是否为null并返回适当的默认值,断言或引发信息性异常(如果是)。 Just in case the property is read before it is being set. 以防在设置属性之前读取属性。
解决方案3
0 2017-11-09 17:09:18
In fact, here is my "base" SessionClass. 实际上,这是我的“基础”SessionClass。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
public static class CSession
{
private static readonly string zE = "";
private static readonly string CrLF = Environment.NewLine;
private static bool bStopHere = true;
/// <summary>
/// Get a session variable
/// </summary>
/// <param name="pSessionKey"></param>
/// <returns></returns>
public static object Get(string pSessionKey)
{
object t = null;
if (HttpContext.Current.Session[pSessionKey] != null) { t = (object)HttpContext.Current.Session[pSessionKey]; }
return t;
}//object Get(string pSessionKey)
/// <summary>
/// Set a session variable
/// </summary>
/// <param name="pSessionKey"></param>
/// <param name="pObject"></param>
public static void Set(string pSessKey, object pObject)
{
HttpContext.Current.Session.Remove(pSessKey);
HttpContext.Current.Session.Add(pSessKey, pObject);
}//void Set(string pSessionKey, object pObject)
public static string GetString(string pSessKey)
{
string sTemp = zE;
object t = Get(pSessKey);
if (t != null) { sTemp = (string)t; } else { sTemp = zE; }
return sTemp;
}//string GetString(string pSessionKey)
public static int GetInt(string pSessKey)
{
int s = 0;
object t = Get(pSessKey);
if (t != null) { s = (int)t; }
return s;
}//int GetInt(string pSessionKey)
public static Int32 GetInt32(string pSessKey)
{
Int32 s = 0;
object t = Get(pSessKey);
if (t != null) { s = (Int32)t; }
return s;
}//Int32 GetInt32(string pSessionKey)
public static bool GetBool(string pSessKey)
{
bool s = false;
object t = Get(pSessKey);
if (t != null) { s = (bool)t; }
return s;
}//bool GetBool(string pSessionKey)
}//static class CSession
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.