ASP.Net SessionState using SQL Server - is the data encrypted?

后端未结

关注

 2  1240

被撕碎了的回忆 2021-01-02 18:44

When using Sql Server to store and manage the SessionState, is the session data stored in the database using encryption?

When I look at the data in the ASPNet datab

2条回答

情话喂你 (楼主)

2021-01-02 19:34

There are no encryption there. The data is stored using binary serialization (it's much more faster than xml one). For details look at the SessionStateUtility class (you can browse it using free Reflector). This is the code which is used for serialization:

internal static void Serialize(SessionStateStoreData item, Stream stream)
{
    bool flag = true;
    bool flag2 = true;
    BinaryWriter writer = new BinaryWriter(stream);
    writer.Write(item.Timeout);
    if ((item.Items == null) || (item.Items.Count == 0))
    {
        flag = false;
    }
    writer.Write(flag);
    if ((item.StaticObjects == null) || item.StaticObjects.NeverAccessed)
    {
        flag2 = false;
    }
    writer.Write(flag2);
    if (flag)
    {
        ((SessionStateItemCollection) item.Items).Serialize(writer);
    }
    if (flag2)
    {
        item.StaticObjects.Serialize(writer);
    }
    writer.Write((byte) 0xff);
}

0 讨论(0)

查看其它2个回答