ASP.Net SessionState using SQL Server - is the data encrypted?

被撕碎了的回忆 2021-01-02 18:44

When using Sql Server to store and manage the SessionState, is the session data stored in the database using encryption?

When I look at the data in the ASPNet datab

2 Answers
  • 2021-01-02 19:34

    There is no encryption there. The data is stored using binary serialization (it's much faster than the XML one). For details look at the SessionStateUtility class (you can browse it using the free Reflector). This is the code which is used for serialization:

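    internal static void Serialize(SessionStateStoreData item, Stream stream)
    {
        bool flag = true;   // true when the session has items to write
        bool flag2 = true;  // true when static objects exist and have been accessed
        BinaryWriter writer = new BinaryWriter(stream);
        // Header: timeout, then the two presence flags.
        writer.Write(item.Timeout);
        if ((item.Items == null) || (item.Items.Count == 0))
        {
            flag = false;
        }
        writer.Write(flag);
        if ((item.StaticObjects == null) || item.StaticObjects.NeverAccessed)
        {
            flag2 = false;
        }
        writer.Write(flag2);
        // Body: each collection is written only if its flag is set.
        if (flag)
        {
            ((SessionStateItemCollection) item.Items).Serialize(writer);
        }
        if (flag2)
        {
            item.StaticObjects.Serialize(writer);
        }
        // End-of-data marker; nothing in this method encrypts the stream.
        writer.Write((byte) 0xff);
    }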
    
  • 2021-01-02 19:36

    I had this problem recently, and had to deconstruct stored state to investigate a performance issue; the rough code was something like:

    // Requires: System, System.IO, System.Web, System.Web.SessionState
    byte[] blob = ... // TODO: the serialized session bytes read from the database
    using (var ms = new MemoryStream(blob))
    using (BinaryReader reader = new BinaryReader(ms)) {
        // Same order as Serialize(): timeout, two presence flags, body, 0xFF marker.
        int timeout = reader.ReadInt32();
        bool f1 = reader.ReadBoolean(), f2 = reader.ReadBoolean();
        SessionStateItemCollection items = null;
        HttpStaticObjectsCollection sitems = null;
        if (f1) {
            items = SessionStateItemCollection.Deserialize(reader);
        }
        if (f2) {
            sitems = HttpStaticObjectsCollection.Deserialize(reader);
        }
        if (reader.ReadByte() != 0xFF) {
            throw new InvalidOperationException("corrupt");
        }
        if (items != null) {
            // List each session key with the runtime type of its value.
            int max = items.Count;
            for (int i = 0; i < max; i++) {
                object obj = items[i];
                Console.WriteLine("{0}\t{1}", items.Keys[i],
                    obj == null ? "n/a" : obj.GetType().FullName);
            }
        }
    }
    
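The framing written by `Serialize()` in the first answer can also be checked against a stored blob without the .NET runtime, which is a quick way to confirm what anyone with read access to the table or its backups can see. This Python code is an added example, not part of either answer: `inspect_session_blob` and `sample_blob` are hypothetical names, the sample body bytes are constructed, and it assumes only that `BinaryWriter` writes an `Int32` as 4 little-endian bytes and each `bool` as one byte.

```python
import re
import struct

END_MARKER = 0xFF                  # last byte written by Serialize()
HEADER = struct.Struct("<i??")     # Int32 timeout + two 1-byte booleans
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")


def inspect_session_blob(blob: bytes) -> dict:
    """Parse the framing shown in Serialize() and list readable strings in the body."""
    if len(blob) < HEADER.size + 1:
        raise ValueError("too short for header plus end marker")
    timeout, has_items, has_static = HEADER.unpack_from(blob)
    if blob[-1] != END_MARKER:
        raise ValueError("missing 0xFF end marker: truncated or transformed blob")
    body = blob[HEADER.size:-1]
    if not (has_items or has_static) and body:
        raise ValueError("flags say empty session but body bytes are present")
    return {
        "timeout": timeout,
        "has_items": has_items,
        "has_static_objects": has_static,
        "body_length": len(body),
        # Runs of printable ASCII: anything listed here is readable by whoever
        # can read the table or a backup of it.
        "visible_strings": [m.group().decode("ascii")
                            for m in PRINTABLE.finditer(body)],
    }


def sample_blob() -> bytes:
    """Constructed sample: real framing, but the body is a stand-in, NOT the
    actual SessionStateItemCollection layout (the page does not show it)."""
    body = b"\x01\x00\x08UserName\x01\x05alice\x0bCardLast4\x01\x044242"
    return HEADER.pack(20, True, False) + body + bytes([END_MARKER])


if __name__ == "__main__":
    for key, value in inspect_session_blob(sample_blob()).items():
        print(f"{key}: {value}")
```

Any key or value that appears under `visible_strings` for a real blob is stored in the clear, so sensitive values need to be protected before they are placed in session or at the database layer.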