HP Fortify: ASP.NET Bad Practices: Non-Serializable Object Stored in Session
Question

The method set_UserActiveEnvironments() in HttpContextHelper.cs stores a non-serializable object as an HttpSessionState attribute on line 47, which can damage application reliability.

By default, ASP.NET servers store the HttpSessionState object, its attributes and any objects they reference in memory. This model limits active session state to what can be accommodated by the system memory of a single machine. In order to expand capacity beyond these limitations, servers are frequently