Question
From this article http://www.codeproject.com/Articles/5892/Session-Management-in-ASP-NET I have understood that the session is stored in the browser in a cookie (let's just assume Cookieless=false) and how it is used for future communication to overcome the stateless nature of the web. I have one doubt: where are sessions created by code (e.g. Session["abc"]="test data") stored? Are they only stored on the server, or are they also stored in cookies (which is highly unlikely)? If they are stored on the server, where are they stored? How are the sessions created through code identified for one particular user?
Thanks in advance.
Answer 1:
Session["abc"]="test data" is stored in RAM by default, as for ASP.NET.
When two different Facebook users request "www.facebook.com/home", both are sent different pages, e.g. user1 will have his profile news, user2 will have a different profile.
So what's the flow-->
- user1 logs in to www.abc.com.
- Server saves sessionid darw12sxa3towkoiuhztcf0c as cookies in user1 browser.
- Server maps darw12sxa3towkoiuhztcf0c to user1 in its memory.
- Next, all the user1 url requests will have this sessionid, so server can identify darw12sxa3towkoiuhztcf0c is mapped to user1 and serves pages corresponding to him.
- user2, when he logs in to www.abc.com, is assigned a different sessionid, say pvsc5msqma5nrusmdnn2y13n ...so on.
Some INFO
- Corresponding to this sessionid, all Session data is stored in RAM by default for ASP.NET. The website admin can change it to other means.
- The sessionid is stored as a cookie corresponding to the domain name.
- This sessionid is transferred over the network for each web request, so it is vulnerable to attacks, as a man in the middle can use this sessionid. So that is one of the reasons why HTTPS comes into the picture and saves the day.
Try using the Edit this Cookie Chrome extension to view and copy cookies from one computer to another computer.
Have Fun.
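The two settings the answer refers to (where session data lives, and how the session ID cookie travels) are both controlled in web.config. The fragment below is an added example, not part of the original answer; it shows the framework defaults in a comment beside a hardened form, and the StateServer address is a placeholder assumption.

```xml
<configuration>
  <system.web>
    <!--
      Framework defaults, shown for comparison:
        <sessionState mode="InProc" cookieless="UseCookies" timeout="20" />
        <httpCookies requireSSL="false" httpOnlyCookies="false" />
      InProc keeps Session["abc"] in the worker process memory (RAM).
      With requireSSL="false" the session ID cookie is also sent over
      plain HTTP, where it can be read in transit.
    -->

    <!--
      Session data stays on the server; only the session ID goes to the
      browser. UseCookies keeps the ID out of the URL, and
      regenerateExpiredSessionId issues a new ID when an expired one is
      presented instead of reusing it.
    -->
    <sessionState mode="InProc"
                  cookieless="UseCookies"
                  regenerateExpiredSessionId="true"
                  timeout="20" />

    <!--
      Alternative storage ("other means" in the answer). The address is a
      placeholder for a separate ASP.NET State Service host:
        <sessionState mode="StateServer"
                      stateConnectionString="tcpip=127.0.0.1:42424" />
      mode="SQLServer" with sqlConnectionString is the database option.
    -->

    <!--
      requireSSL marks cookies Secure, so the browser sends the session ID
      only over HTTPS. httpOnlyCookies hides cookies from page script.
      The site must actually be served over HTTPS, otherwise the cookie is
      never returned and every request starts a new session.
    -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
</configuration>
```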
Source: https://stackoverflow.com/questions/19200686/where-does-iis-store-user-created-sessions