大型Web 网站 Asp.net Session过期你怎么办
在 WEB 系统中, 我们一般会用session来保存一些简单但是却很重要的信息。比如Asp.net中经常会用Session来保存用户登录信息,比如UserID。为了解决 WEB场大家采用了把session存在DB中,session过期大家一般都采用页面跳转,即再次登录,login后又返回页面。个人觉得以上设计不是很好, 对于web场,如果我们把session存在DB那么新能应该比存内存要慢,所以推荐用分布式缓存的方式来存取Session。 对于Session过期我建议采用cookie来做。在大型网站中Session应该慎用,毕竟它占用服务器的内容,一个人用户session如果占用1k的空间,那么100W用户同时在线 Session要占用多大空间. 以前我把userID 直接存cookie会有浏览器串cookie的问题,比如我用IE login use1,用FF login user2,发现后面login的user信息会覆盖前面login user的值。回来发现session过期了,但是sessionID还在,并且该值在cookie里面。
实现code 如下:
核心code:
string UserID
{
get
{
if (Session["UserID"] != null)
{
return Session["UserID"].ToString();
}
if (Request.Cookies[Session.SessionID.ToString()] != null)
{
string cv=Request.Cookies[Session.SessionID].Value;
Session["UserID"] = cv;
return cv;
}
return string.Empty;
}
set
{
Session["UserID"] = value;
string key = Session.SessionID.ToString();
HttpCookie kc = new HttpCookie(key, value);
kc.HttpOnly = true;
Response.Cookies.Add(kc);
}
}
public partial class WebForm1 : System.Web.UI.Page { protected void btnSet_Click(object sender, EventArgs e) { Session["name"] = "majiang"; this.lblSet.Text = "Session ID:" + Session.SessionID.ToString(); } protected void btnGet_Click(object sender, EventArgs e) { labGet.Text = "Session ID:" + Session.SessionID.ToString(); if (Session["name"] != null) { labGet.Text += "<br/>" + Session["name"].ToString(); } } Dictionary<string, string> dict = new Dictionary<string, string>(); protected void Page_Load(object sender, EventArgs e) { dict.Add("1", "majiang"); dict.Add("2", "Gavin"); } string UserID { get { if (Session["UserID"] != null) { return Session["UserID"].ToString(); } if (Request.Cookies[Session.SessionID.ToString()] != null) { string cv=Request.Cookies[Session.SessionID].Value; Session["UserID"] = cv; return cv; } return string.Empty; } set { Session["UserID"] = value; string key = Session.SessionID.ToString(); HttpCookie kc = new HttpCookie(key, value); kc.HttpOnly = true; Response.Cookies.Add(kc); } } protected void btnSetwithCookie_Click(object sender, EventArgs e) { UserID = this.txtuserID.Text.Trim(); this.labsetCookie.Text = Session.SessionID.ToString(); } protected void btnGetWithCookie_Click(object sender, EventArgs e) { this.labGetCookie.Text = "Session ID:" + Session.SessionID.ToString(); labGetCookie.Text += "<br/>" + dict[UserID].ToString(); } }
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="WebForm1.aspx.cs" Inherits="SessionTest.WebForm1" %> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> </head> <body> <form id="form1" runat="server"> <div> <asp:Button ID="btnSet" runat="server" Text="Set Session" OnClick="btnSet_Click" /> <asp:Button ID="btnGet" runat="server" Text="Get Session" OnClick="btnGet_Click" /> <br /> SET: <asp:Label ID="lblSet" runat="server" Text=""></asp:Label> <br /> Get: <asp:Label ID="labGet" runat="server" Text=""></asp:Label> </div> userID:<asp:TextBox ID="txtuserID" runat="server"></asp:TextBox> <div> <table> <tr><td><asp:Button ID="btnSetwithCookie" runat="server" Text="Set With Cookie" OnClick="btnSetwithCookie_Click" /></td><td><asp:Button ID="btnGetWithCookie" runat="server" Text="Get With Cookie" OnClick="btnGetWithCookie_Click" /></td></tr> <tr><td><asp:Label ID="labsetCookie" runat="server"></asp:Label> </td><td><asp:Label ID="labGetCookie" runat="server"></asp:Label></td></tr> </table> </div> </form> </body> </html>
实现的效果如图:
看看HTTP的请求: