Question
I have a code like
Session["key"] = "value";
But it is considered as a bad practice according to Fortify SCA with the reason of "Non-Serializable Object Stored in Session".
Screenshot as below:
What is the best way to solve this? How to make the string "value" to be serializable?
Answer 1:
I think it's a false positive.
From Fortify document:
In order for the session to be serialized correctly, all objects the application stores as session attributes must declare the [Serializable] attribute. Additionally, if the object requires custom serialization methods, it must also implement the ISerializable interface.
Since string doesn't implement ISerializable, it will not pass the check.
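The rule quoted from the Fortify documentation can be turned into a runtime guard, which is useful because in StateServer or SQLServer session-state mode a non-serializable object only fails when the session is actually serialized. The following is an added example, not code from the question, the answer, or Fortify; the `SessionGuard` class and the three sample types are assumed names for illustration. It targets the .NET Framework ASP.NET stack the question uses (newer .NET marks the formatter-era reflection members it relies on as obsolete, which only produces a warning).

```csharp
using System;
using System.Runtime.Serialization;

// Added example: a runtime check mirroring the Fortify rule quoted in the answer.
public static class SessionGuard
{
    // A value is acceptable when its type declares [Serializable] (string does,
    // which is why the finding on Session["key"] = "value" is a false positive)
    // or when it implements ISerializable for custom serialization.
    // null is allowed because assigning null simply removes the key.
    public static bool IsSessionSafe(object value)
    {
        if (value == null) return true;
        Type t = value.GetType();
        return t.IsSerializable || value is ISerializable;
    }

    // Fails fast before a non-serializable object reaches the session store,
    // so the problem surfaces in development rather than at serialization time
    // in out-of-process session-state modes.
    public static void EnsureSessionSafe(string key, object value)
    {
        if (!IsSessionSafe(value))
            throw new SerializationException(
                $"Refusing to store '{value.GetType().FullName}' under session key '{key}': " +
                "mark the type [Serializable] or implement ISerializable.");
    }
}

// Constructed sample type: declares [Serializable], so it passes the guard.
[Serializable]
public sealed class CartSummary
{
    public int Items;
    public decimal Total;
}

// Constructed sample type with no attribute: the kind of object the rule is meant to catch.
public sealed class OpenDbHandle
{
    public string ConnectionString;
}

// Constructed sample type using custom serialization through ISerializable.
[Serializable]
public sealed class AuditStamp : ISerializable
{
    public DateTime When { get; }

    public AuditStamp(DateTime when) { When = when; }

    private AuditStamp(SerializationInfo info, StreamingContext ctx)
    {
        When = info.GetDateTime("when");
    }

    public void GetObjectData(SerializationInfo info, StreamingContext ctx)
    {
        info.AddValue("when", When);
    }
}

public static class Demo
{
    public static void Main()
    {
        // string carries [Serializable], matching the "false positive" reading in the answer.
        Console.WriteLine(SessionGuard.IsSessionSafe("value"));
        // Attribute-marked and ISerializable types are both accepted.
        Console.WriteLine(SessionGuard.IsSessionSafe(new CartSummary()));
        Console.WriteLine(SessionGuard.IsSessionSafe(new AuditStamp(DateTime.UtcNow)));
        // A plain class with neither is rejected.
        Console.WriteLine(SessionGuard.IsSessionSafe(new OpenDbHandle()));

        // In an ASP.NET page or handler the guard wraps the assignment from the question:
        //   SessionGuard.EnsureSessionSafe("key", value);
        //   Session["key"] = value;
    }
}
```

The guard reproduces the static rule as the documentation states it (attribute or interface), so it agrees with Fortify on the types that matter while making the string case explicit: `typeof(string).IsSerializable` is true because `System.String` declares `[Serializable]`, which is the basis for treating the reported finding as a false positive.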
Source: https://stackoverflow.com/questions/51624267/asp-net-bad-practices-non-serializable-object-stored-in-session