ASP.Net SessionState using SQL Server - is it encrypted data?

When using SQL Server to store and manage SessionState, is session data stored in the database encrypted?

When I view data in an ASPNet database, the data in the "SessionItemLong" column of the ASPStateTempSessions table is displayed as hexadecimal data. Is this data encrypted before being stored in the database? And if so, where is the key that is used to encrypt the data, and what algorithm is used?

In addition, the session state stores the object using serialization. What serialization is used? (binary or XML)

+6
sql-server encryption session-state
2 answers

There is no encryption. Data is stored using binary serialization (it is much faster than XML). See the SessionStateUtility class for more details (you can view it using the free Reflector). This is the code that is used for serialization:

    internal static void Serialize(SessionStateStoreData item, Stream stream)
    {
        bool flag = true;
        bool flag2 = true;
        BinaryWriter writer = new BinaryWriter(stream);
        writer.Write(item.Timeout);
        if ((item.Items == null) || (item.Items.Count == 0))
        {
            flag = false;
        }
        writer.Write(flag);
        if ((item.StaticObjects == null) || item.StaticObjects.NeverAccessed)
        {
            flag2 = false;
        }
        writer.Write(flag2);
        if (flag)
        {
            ((SessionStateItemCollection) item.Items).Serialize(writer);
        }
        if (flag2)
        {
            item.StaticObjects.Serialize(writer);
        }
        writer.Write((byte) 0xff);
    }
+12

I had this problem lately, and I had to deconstruct the saved state to investigate the performance problem; the rough code was something like this:

    using System;
    using System.IO;
    using System.Web;
    using System.Web.SessionState;

    byte[] blob = ... // TODO
    using (var ms = new MemoryStream(blob))
    using (BinaryReader reader = new BinaryReader(ms))
    {
        // First field is the Int32 written by writer.Write(item.Timeout)
        int len = reader.ReadInt32();
        // f1: session items present, f2: static objects present
        bool f1 = reader.ReadBoolean(), f2 = reader.ReadBoolean();
        SessionStateItemCollection items = null;
        HttpStaticObjectsCollection sitems = null;
        if (f1)
        {
            items = SessionStateItemCollection.Deserialize(reader);
        }
        if (f2)
        {
            sitems = HttpStaticObjectsCollection.Deserialize(reader);
        }
        // Serialize() always ends the blob with 0xFF
        if (reader.ReadByte() != 0xFF)
        {
            throw new InvalidOperationException("corrupt");
        }
        if (items != null)
        {
            // List each session key with the type of the object stored under it
            int max = items.Count;
            for (int i = 0; i < max; i++)
            {
                object obj = items[i];
                Console.WriteLine("{0}\t{1}", items.Keys[i], obj == null ? "n/a" : obj.GetType().FullName);
            }
        }
    }
+6
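
An added example, not code from either answer or from ASP.NET: a Python check that takes the hex value as copied from the database, validates the outer layout that Serialize() writes (Int32 timeout, two Boolean flags, 0xFF terminator), and lists readable ASCII runs in the payload as a quick sign that the data is not encrypted. The function name, the sample values and the assumption that the blob is stored uncompressed are constructed for illustration.

```python
import re
import struct

def parse_session_envelope(hex_text, min_run=4):
    """Decode the outer layout written by Serialize(): Int32 timeout, two
    Boolean flags, the optional collections, then a 0xFF terminator."""
    text = hex_text.strip()
    if text[:2].lower() == "0x":          # varbinary is displayed as 0x...
        text = text[2:]
    blob = bytes.fromhex(text)            # raises ValueError on bad hex
    if len(blob) < 7:                     # 4 (timeout) + 2 (flags) + 1 (0xFF)
        raise ValueError("blob too short for the session-state envelope")
    (timeout,) = struct.unpack_from("<i", blob, 0)  # BinaryWriter is little-endian
    flag_bytes = blob[4:6]
    if any(b not in (0, 1) for b in flag_bytes):
        raise ValueError("flag bytes are not Booleans; not this layout")
    if blob[-1] != 0xFF:
        raise ValueError("missing 0xFF terminator")
    has_items, has_static = bool(flag_bytes[0]), bool(flag_bytes[1])
    payload = blob[6:-1]                  # serialized collections, left opaque here
    if bool(payload) != (has_items or has_static):
        raise ValueError("flags and payload length disagree")
    # Readable ASCII runs mean the stored values can be read straight from the table.
    runs = [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_run, payload)]
    return {
        "timeout": timeout,
        "has_items": has_items,
        "has_static_objects": has_static,
        "payload_len": len(payload),
        "ascii_runs": runs,
    }

# Constructed samples (not real session data). The payload bytes in the second
# one are placeholders, not a faithful SessionStateItemCollection layout.
EMPTY_SAMPLE = "0x140000000000FF"
ITEMS_SAMPLE = "0x14000000" + "0100" + b"\x01\x00\x00\x00\x08UserName".hex() + "FF"

if __name__ == "__main__":
    for sample in (EMPTY_SAMPLE, ITEMS_SAMPLE):
        print(parse_session_envelope(sample))
```

Because the column is readable to anyone with SELECT rights on the session database, access to that database needs to be restricted as tightly as access to the application's memory.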