保存已登录用户的信息的时候用什么保存最好?是Cookie还是Session?用Session的话只要浏览器一关就需要重新登录,那样的效果不太好,我希望在一定的时间内都不需要再登录。但用Cookie的话那些信息都在客户端,好像不太安全,有什么好的办法?要是说Cookie加密的话请详细讲下,现在还没怎么接触过加密技术。谢谢了...
------解决方案--------------------
那就看是做什么了。
网站用cookie,系统用session。
加密是算法问题,网上有很多。
------解决方案--------------------
session和Cookie配合使用,比较好的选择,Session建议存一些必要属性,这样做会非常方便,而且不会用太多空间,而且挺安全, 如果服务器关闭,就把session中的信息保存到Cookie,这里可以考虑下加密。下次请求时,又利用Cookie重建Session。。。
考虑到客户端的Cookie可能被禁用,可以加上URL回写的方式,以保证可靠性。。。
其实这是针对比较严密的系统,一般小系统里边,建议用session,很OK,性能不是问题。
------解决方案--------------------
- C# code
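using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Text;
using System.IO;
using System.Web;

namespace Press
{
    /// <summary>
    /// String encryption helpers used by <see cref="CookieUtil"/>.
    /// </summary>
    /// <remarks>
    /// SECURITY (review): this scheme gives obfuscation, not protection, and should not
    /// carry anything an application trusts for authentication or authorization.
    /// <list type="bullet">
    /// <item>DES has a 56-bit effective key and is obsolete.</item>
    /// <item>The key and IV are constants compiled into the assembly, so anyone who has the
    /// binary or the source can read and produce valid values.</item>
    /// <item>The IV never changes, so equal plaintexts always give equal ciphertexts.</item>
    /// <item>There is no integrity check (no MAC); a value altered by the client is not
    /// reliably detected.</item>
    /// </list>
    /// The algorithm and constants are kept unchanged here only so that values written by
    /// earlier builds still decrypt. For a "remember me" feature prefer keeping the user
    /// state on the server and sending only a long random identifier, or use a
    /// framework-protected ticket (FormsAuthentication, MachineKey.Protect) whose keys
    /// live in protected configuration.
    /// </remarks>
    public class CryptoUtil
    {
        // Public and mutable for backward compatibility with existing callers.
        // Hard-coded key material: see the SECURITY remarks on the class.
        public static byte[] KEY_64 = { 42, 16, 93, 56, 78, 4, 218, 223 };
        public static byte[] IV_64 = { 55, 103, 46, 79, 36, 89, 167, 3 };

        // Not referenced by any member in this listing.
        private static byte[] KEY_192 = { 42, 16, 93, 156, 78, 4, 218, 32, 15, 167, 44, 80, 26, 250, 155, 112, 2, 94, 11, 204, 119, 35, 184, 197 };
        private static byte[] IV_192 = { 55, 103, 246, 79, 36, 99, 167, 3, 42, 5, 62, 83, 184, 7, 209, 13, 145, 23, 200, 58, 173, 10, 121, 222 };

        /// <summary>
        /// Encrypts a string with DES using <see cref="KEY_64"/> and <see cref="IV_64"/>.
        /// </summary>
        /// <param name="value1">Text to encrypt; it is written as UTF-8 without a BOM.</param>
        /// <returns>
        /// Base64 text of the ciphertext, or an empty string when <paramref name="value1"/>
        /// is null or empty.
        /// </returns>
        public static string Encrypt(string value1)
        {
            if (string.IsNullOrEmpty(value1))
            {
                return "";
            }

            using (DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider())
            using (ICryptoTransform encryptor = cryptoProvider.CreateEncryptor(KEY_64, IV_64))
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
                using (StreamWriter sw = new StreamWriter(cs))
                {
                    sw.Write(value1);
                }

                // Disposing the writer flushes it and closes the CryptoStream, which writes
                // the final padded block. ToArray() is still valid on the closed MemoryStream.
                return Convert.ToBase64String(ms.ToArray());
            }
        }

        /// <summary>
        /// Decrypts a Base64 string produced by <see cref="Encrypt"/>.
        /// </summary>
        /// <param name="value1">Base64 ciphertext.</param>
        /// <returns>
        /// The decrypted text, or an empty string when <paramref name="value1"/> is null
        /// or empty.
        /// </returns>
        /// <exception cref="FormatException"><paramref name="value1"/> is not valid Base64.</exception>
        /// <exception cref="CryptographicException">
        /// The ciphertext cannot be decrypted, for example because its length or padding is invalid.
        /// </exception>
        /// <remarks>
        /// A successful return does not prove the value is authentic: nothing here
        /// authenticates the ciphertext.
        /// </remarks>
        public static string Decrypt(string value1)
        {
            if (string.IsNullOrEmpty(value1))
            {
                return "";
            }

            byte[] buffer = Convert.FromBase64String(value1);

            using (DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider())
            using (ICryptoTransform decryptor = cryptoProvider.CreateDecryptor(KEY_64, IV_64))
            using (MemoryStream ms = new MemoryStream(buffer))
            using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
            using (StreamReader sr = new StreamReader(cs))
            {
                return sr.ReadToEnd();
            }
        }
    }

    /// <summary>
    /// Reads and writes cookies whose name and value are both passed through
    /// <see cref="CryptoUtil"/> and then URL-encoded.
    /// </summary>
    /// <remarks>
    /// Every member uses <see cref="HttpContext.Current"/>, so the class only works while an
    /// ASP.NET request is being processed. Cookie contents come back from the client and must
    /// be treated as untrusted input; see the SECURITY remarks on <see cref="CryptoUtil"/>.
    /// </remarks>
    public class CookieUtil
    {
        /// <summary>Value returned when a cookie is missing or unreadable.</summary>
        public const string COOKIENULL = null;

        /// <summary>Writes an encrypted cookie with no explicit expiry date.</summary>
        /// <param name="key">Plain cookie name.</param>
        /// <param name="val">Plain cookie value.</param>
        public static void SetEncryptedCookie(string key, string val)
        {
            key = CryptoUtil.Encrypt(key);
            val = CryptoUtil.Encrypt(val);
            SetCookie(key, val);
        }

        /// <summary>Writes an encrypted cookie that expires at the given time.</summary>
        /// <param name="key">Plain cookie name.</param>
        /// <param name="val">Plain cookie value.</param>
        /// <param name="expires">Expiry assigned to the cookie.</param>
        public static void SetEncryptedCookie(string key, string val, DateTime expires)
        {
            key = CryptoUtil.Encrypt(key);
            val = CryptoUtil.Encrypt(val);
            SetCookie(key, val, expires);
        }

        /// <summary>Writes an encrypted cookie that expires a number of days from now.</summary>
        /// <param name="key">Plain cookie name.</param>
        /// <param name="val">Plain cookie value.</param>
        /// <param name="DayNum">Lifetime in days, counted from the current local time.</param>
        public static void SetEncryptedCookie(string key, string val, int DayNum)
        {
            SetEncryptedCookie(key, val, DateTime.Now.AddDays(DayNum));
        }

        #region SetCookie

        private static void SetCookie(string key, string val)
        {
            SetCookie(BuildCookie(key, val));
        }

        private static void SetCookie(string key, string val, DateTime expires)
        {
            HttpCookie cookie = BuildCookie(key, val);
            cookie.Expires = expires;
            SetCookie(cookie);
        }

        private static void SetCookie(HttpCookie cookie)
        {
            HttpContext.Current.Response.Cookies.Set(cookie);
        }

        // Builds the URL-encoded cookie and applies the transport flags.
        private static HttpCookie BuildCookie(string key, string val)
        {
            HttpContext context = HttpContext.Current;
            HttpCookie cookie = new HttpCookie(
                context.Server.UrlEncode(key),
                context.Server.UrlEncode(val));

            // The cookie is only ever read on the server, so keep it away from page script.
            cookie.HttpOnly = true;

            // Restrict to HTTPS when this request arrived over HTTPS. Behind a
            // TLS-terminating proxy IsSecureConnection can be false; in that setup
            // enforce the flag in configuration instead.
            cookie.Secure = context.Request.IsSecureConnection;

            return cookie;
        }

        #endregion

        /// <summary>Reads a cookie written by <see cref="SetEncryptedCookie(string, string)"/>.</summary>
        /// <param name="key">Plain cookie name.</param>
        /// <returns>
        /// The decrypted value, or <see cref="COOKIENULL"/> when the cookie is absent or its
        /// content cannot be decoded and decrypted.
        /// </returns>
        public static string GetEncryptedCookieValue(string key)
        {
            string encryptedName = CryptoUtil.Encrypt(key);
            string val = GetCookieValue(encryptedName);
            if (val == COOKIENULL)
            {
                return COOKIENULL;
            }

            // The value is client-controlled. A malformed or tampered cookie is reported
            // the same way as a missing one instead of surfacing an exception.
            try
            {
                return CryptoUtil.Decrypt(val);
            }
            catch (FormatException)
            {
                return COOKIENULL;
            }
            catch (CryptographicException)
            {
                return COOKIENULL;
            }
        }

        #region GetCookie

        private static HttpCookie GetCookie(string key)
        {
            key = HttpContext.Current.Server.UrlEncode(key);
            return HttpContext.Current.Request.Cookies.Get(key);
        }

        // Returns the URL-decoded cookie value, or COOKIENULL when there is no current
        // request or no such cookie.
        private static string GetCookieValue(string key)
        {
            if (HttpContext.Current == null)
            {
                return COOKIENULL;
            }

            try
            {
                HttpCookie cookie = GetCookie(key);
                if (cookie == null)
                {
                    return COOKIENULL;
                }

                return HttpContext.Current.Server.UrlDecode(cookie.Value);
            }
            catch (HttpException)
            {
                // The request object is not available in this context.
                return COOKIENULL;
            }
        }

        #endregion
    }
}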