问题
Hi I use Sessions in my application and I was wondering what is the best practice for maintaining session value on a page. I need the value that is stored in the session to be saved until the post back on a particular page. Let me illustrate:
Page A: Page B:
Sets Session["ID"] = 5 --> Gets Session["ID"]
And redirects to Page B and populates data.
I need the Session["ID"] on Page B to stay alive until a post back is performed on Page B. I need this because I will be using the value of Session["ID"] update data in the database.
My question is: Is the any guarantee that the Session["ID"] will maintain its value until a post back is performed? Won't it die? If so: What are some methods I can take to make sure it maintains its value?
I was thinking of making a private variable in Page B to store the Session["ID"] on Page_Load. Please let me know what you think, thank you.
I'm sorry, I should have said: I cannot allow the user to modify the ID. So no Query Strings, thanks.
回答1:
Session is stored in memory on the server by default. This can be problematic if the user's session times out. Also if you are using more than one server as a farm you cannot use Session in memory as you cannot guarantee that the user will use the same server each time.
The best way to guarantee that session information will not be lost is to persist a user's session to a SqlServer database. Here is a tutorial on how to set that up.
Session is really not as much as a performance-killer as some posters have implied. It is a very useful way to easily maintain state for each user.
Also please see my answer to this question for a good way to wrap the ASP.NET session object.
回答2:
Since you are using asp.net, and you want to transfer data from one page to an other, you could also use CrossPage postback
crosspage postback from msdn:
Under some circumstances, you might want to post one page to another page. For example, you might be creating a multi-page form that collects different information on each page. In that case, you can configure certain controls (those that implement the IButtonControl interface, such as the Button control) on the page to post to a different target page. This is referred to as cross-page posting. Cross-page posting provides some advantages over using the Transfer method to redirect to another page. For details, see Redirecting Users to Another Page.
if (Page.PreviousPage != null)
{
TextBox SourceTextBox =
(TextBox)Page.PreviousPage.FindControl("TextBox1");
if (SourceTextBox != null)
{
Label1.Text = SourceTextBox.Text;
}
}
source: http://msdn.microsoft.com/en-us/library/ms178139.aspx
This is a method we use at work for a few of our projects, and it works well. I don't know if it suits your needs, but it might be worth to take a look.
回答3:
Session variables stay alive until the session times out (timeout period being specified in your web.config file)
You need to remember persisting data in the session takes up resources on the server so you need to be careful.
In asp.net you can use the viewstate to persist data across postbacks on the same page.
For your question I would recommend using the URL query string parameters to pass the ID between pages
i.e. myurl.aspx?ID=5
then in your aspx code do:
int ID = (int)page.request.params["ID"];
Edit:
If you are concerned with users altering the ID parameter you can put business logic in the pageload of page B to ensure the user has the proper rights to alter that ID value.
回答4:
If the session timed out, your value would of course be lost. You could store it in a variable in page load - that should work.
The real thing I'm wondering is why don't you just pass it as a GET parameter when you redirect from Page A to Page B? You might have a perfectly valid reason, but normally if I wanted to pass data from one page to another, that's how I would do it.
回答5:
Instead of using session you could transfer the variable from page to page either through the querystring or though a hidden post field, that way it would live with the client and not timeout like it would if it was in the session.
EDIT: If you don't want the user to tamper with the value you could encrypt/obfuscate the hidden post field.
回答6:
If we have a page which does not need session time out, then as per the
source : https://msdn.microsoft.com/en-us/magazine/cc163730.aspx,
we can use <% @ Page EnableSessionState="False" %>
also the link discusses various best practices.
来源:https://stackoverflow.com/questions/643925/session-best-practices