Comments (6)

brockallen commented on May 24, 2024

"Session" in this repo means session state -- a cookie-based server-side state management mechanism for UI apps. This is unrelated to authentication.

ankitbko commented on May 24, 2024

I get that. I wanted to know, in case the session is established by another service, is there a way to pass the session ID as a token in a header?
@brockallen We have Identity server 3 for authentication and authorization, with Angular being the client. I was just thinking, is it a good practice to use the auth token as the session token for the user?

brockallen commented on May 24, 2024

Well, in general I think session state is a bad idea: http://brockallen.com/2012/04/07/think-twice-about-using-session-state/. And even more so for Web APIs. So I'd not design a web app or a web api to use session state.

Tratcher commented on May 24, 2024

The use of cookies is baked into the middleware: https://github.com/aspnet/Session/blob/dev/src/Microsoft.AspNet.Session/SessionMiddleware.cs#L77.

ankitbko commented on May 24, 2024

@brockallen I had read your blog long ago :). I completely agree with you about avoiding session state and maintaining user-specific data in a relational/NoSQL database. We are using Redis as our NoSQL and caching solution. ASP.NET 5 session also uses RedisCache as IDistributedCache for session management. Moreover, the sessions are now non-locking, which essentially solves one of the biggest performance issues with ASP Sessions. This basically means that whatever I store in Session gets stored as cache objects in Redis.

I still avoid Session as much as possible, but it looks to be fine to use for non-critical, short-lived user data, as you get an out-of-the-box way to store and retrieve objects with expiration built in. All long-lived user data will be stored in a more reliable manner in the database.
My current thought is to use the token returned by Ids3 as the session token. There is really no need to maintain another token in a cookie just for accessing the session.

@Tratcher Thanks. I had gone through the code yesterday itself. It seems that with a small modification I can just switch to getting the session key from the token. Still, an option to switch to a custom key or an overridable method would have been better. Thanks for pointing me in the right direction.

John0King commented on May 24, 2024

@Tratcher Using a cookie for the session ID is not a good idea, specifically when a browser disables cookies or does not support HttpOnly.
