stackoom
  简体   繁体   中英

If HTTP is stateless, how does ASP.NET MVC support sessions?

 原文  2013-05-11 15:41:12       c#/ asp.net/ asp.net-mvc

Question

I get that regular ASP finagles statefullness using viewstate, but MVC doesn't try to perpetuate the bold-faced lie of statefulness. So how is it able to maintain sessions?

2 answers

solution1
 7 ACCPTED  2013-05-11 15:48:01

By default it stores a randomly generated number in a cookie and stores that in memory. If the browser says it doesn't support cookies, asp.net will then instead add the session key in the url, it will show up like http://myurl.com/(S(rpfa4y3c5oe2c555ljanprek))/Controller/Action

solution2
 1  2013-05-11 15:48:07

It is using a Session ID to identify a user, stored in Cookies. Spoofing is possible if your know the victim's ID, and if other security measurements won't interfere (eg IP based authentication).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Sessions in ASP.NET MVC Sessions in Asp.NET MVC 4 ASP.NET/MVC : The requested resource does not support http method 'GET' ASP.NET MVC6 - The requested resource does not support http method 'GET' ASP.NET Sessions and browser cookie support How to use sessions,Tempdata in asp.net mvc4 Using sessions in ASP.NET 5 (MVC 6) Validate sessions in ASP.NET Core MVC NHibernate Contextual Sessions in ASP.NET MVC ASP.Net - Requested resource does not support http method 'GET'
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM