Alternative to session for per-user variables in ASP.NET MVC

I am working on an MVC 3 application that will be hosted in a web farm with multiple workflow settings. There are about a dozen variables that are stored in the session but are lost due to IIS configuration.

By "lost", I mean that when the login process succeeds, I see through logging that I set the session variables, but then after the Redirect action and the landing descriptor action, the session variables are often empty. I am not sure if this is related, but the site is on HTTPS.

We are considering the possibility of moving our user settings, which are stored in the session, to some other mechanism, but there is one variable with which I cannot do this. Given the above deployment environment, I have the following questions.

  • Are cookies my only (best?) alternative to storing session variables for user preferences?
  • Is there a secure mechanism for writing cookies so that they cannot be manipulated and can still be read in a multi-server environment?
  • As I understand it, System.Runtime.Caching suffers from the same issue when running in the above IIS configuration. Is that true?
+4
1 answer

Are cookies my only (best?) alternative to storing session variables for user preferences?

No - they are about the worst possible approach. Three reasons that come to mind:

  • They can be manipulated.
  • They travel with each request from client to server — inefficient.
  • They will add more complications to your implementation as you will have to start thinking about protecting them differently.

Is there a secure mechanism for writing cookies so that they cannot be manipulated and can still be read in a multi-server environment?

See answer above.

As I understand it, System.Runtime.Caching suffers from the same issue when running in the above IIS configuration. Is that true?

True. You must use one of the out-of-process state providers. You can use SQL Server to store session data, since your objects can be serialized, obviously, or State Server mode, mode="stateserver".

Read here for more details.

+7
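
The out-of-process session configuration the answer describes, written out as an added example that is not part of the original answer. Host names, the connection string and the timeout are constructed placeholders, and the `httpCookies` element is an assumption based on the site running over HTTPS.

```xml
<!-- web.config fragment (added example; host names are placeholders) -->
<configuration>
  <system.web>
    <!-- Default: InProc keeps session data in the memory of one worker
         process, so another worker process or farm server cannot see it. -->
    <!-- <sessionState mode="InProc" /> -->

    <!-- Option 1: ASP.NET State Service (aspnet_state) on a shared host.
         Every web server points at the same service instance. -->
    <sessionState mode="StateServer"
                  stateConnectionString="tcpip=STATE-HOST.example.internal:42424"
                  cookieless="UseCookies"
                  timeout="20" />

    <!-- Option 2: SQL Server session store. Use in place of option 1.
    <sessionState mode="SQLServer"
                  sqlConnectionString="Data Source=SQL-HOST.example.internal;Integrated Security=SSPI"
                  cookieless="UseCookies"
                  timeout="20" />
    -->

    <!-- Site is served over HTTPS: mark cookies Secure and HttpOnly so the
         session identifier is not sent over plain HTTP or read by script. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
</configuration>
```

Everything stored in the session must be serializable in either mode. The State Service protocol is neither encrypted nor authenticated, so restrict access to its port (42424 by default) to the web servers only.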

Source: https://habr.com/ru/post/1412371/

