我已阅读有关会话管理的不同文章,并了解实现相同的不同方法。
但是以下是我想要了解的几个问题:
如何在真实世界的应用程序中实现会话管理(例如cookie,url重写)? 步骤是什么,最好的方法是什么? 一个人比另一个人更喜欢哪种方式? 如何通过不同的数据中心/集群完成会话管理?谢谢!
I have read different articles on Session Management and am aware of the different ways of implementing the same.
However below are few questions that I wanted to understand:
How session management is implemented in a real world application (e.g. cookies,url rewriting)? What would be the steps and which is the best way to do the same? What way should one prefer over another? How is session management done wrt different data centers/clusters?Thanks!
最满意答案
使用cookie和URL重写进行敏感数据管理的安全风险。 最好的机制是将http会话与https结合使用。
在现实世界的场景中,小心使用http会话以避免瓶颈。 简单而不是将整个对象添加到会话中,可以用于从数据库获取实体的属性在会话上传送。 底线是会议需要保持轻量级。 会话最佳实践包括删除会话并在其使用完成后使其无效。
在EJB上下文中,总是更好地避免有状态会话bean。 如果使用,则bean必须在bean的最后一次调用时失效。
Its security risk to use cookies and url rewriting for sensitive data management. The best mechanism is to use http session in conjunction with https.
In real world scenarios, http session is used carefully to avoid bottle necks. simply rather than adding an entire object to session, an attribute which can be used to obtain an entity from database is carried over the session. bottom-line is that sessions need to be kept light weight. session best practices include removing the session and invalidating it once its use is completed.
in EJB context, its always better to avoid Stateful session beans. If used, the bean has to be invalidated as the last invocation of the bean.
更多推荐
发布评论