Session Security and Storage Limit

  • Question


  • I want to ask about the advantages and disadvantages of session usage...

    Is it a problem to load secret data into the session?

    Can a client user reach the data loaded into the session from outside?

    What happens if the loaded data is very big?

    Is it a problem to load huge data into the session?

    What can I use for security and big data usage, other than the session?

    Friday, January 25, 2013 2:12 AM

Answers

  • Hi,

    I assume that you are talking about ASP.Net. Please make sure to read the links that Jack gave you already.

    Session State in ASP.Net is stored on the server. With that knowledge in mind, we can easily answer your questions:
    - Secret Data can be loaded into the session. It is loaded only on the server and is not sent over the network. So as long as you do not put the secret data on a page it will be secure.
    - The user cannot reach the data from outside. Only your pages will have access to it inside the code that runs on the server! (So you cannot access it easily with JavaScript on your page!)
    - Big data can be loaded in memory and stored in memory. The data stays on the server so there is no big traffic between client and server. But the server has to keep the big data of all sessions - so it will use a lot of memory or even run out of memory if too many sessions are opened.
    - A common thing is to keep data in databases or files. That way you do not have to keep it in memory and you can either query the exact information that you need (e.g. SQL Queries on a database) or you can stream data directly to the user without processing it further (e.g. pictures, films, ...)

    Always be aware what data you keep inside a session and what not. So keep in mind that a web server can easily run thousands of sessions at the same time!

    With kind regards,

    Konrad

    Monday, January 28, 2013 12:19 PM
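
The pattern from the last two points of the answer above, as an added example that is not part of the original thread: the session holds only a small key, and the large data is streamed from disk on request. The handler name, the "DocumentId" session key and the storage path are assumptions made for illustration.

```csharp
// Added example (not code from the thread). DocumentHandler, the "DocumentId"
// session key and StorageRoot are hypothetical names chosen for illustration.
using System;
using System.IO;
using System.Web;
using System.Web.SessionState;

// IReadOnlySessionState gives the handler read access to Session without
// taking the exclusive per-session lock that read/write access requires.
public class DocumentHandler : IHttpHandler, IReadOnlySessionState
{
    // Assumed location outside the web root, so files are only reachable
    // through this handler and never by direct URL.
    private const string StorageRoot = @"D:\AppData\Documents";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Server code stored this earlier, e.g. Session["DocumentId"] = doc.Id;
        // The session carries a 16-byte key, never the document bytes.
        object id = context.Session["DocumentId"];
        if (!(id is Guid))
        {
            context.Response.StatusCode = 403; // nothing authorised in this session
            return;
        }

        // The file name is built from a server-set Guid, so no client-supplied
        // text ever becomes part of the path.
        string path = Path.Combine(StorageRoot, ((Guid)id).ToString("N") + ".pdf");
        if (!File.Exists(path))
        {
            context.Response.StatusCode = 404;
            return;
        }

        context.Response.ContentType = "application/pdf";
        // TransmitFile writes the file to the response without buffering it
        // in server memory, so thousands of sessions do not each hold a copy.
        context.Response.TransmitFile(path);
    }
}
```
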
  • Hi Adem,

    Thank you for posting in the MSDN forum.

    Based on your description, I’m afraid that it is not the correct forum for this issue, since this forum is to discuss:

    Visual Studio WPF/SL Designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System, Visual Studio Report Controls, and Visual Studio Editor.

    To help you find the correct forum for this issue, would you mind letting us know more information about this issue? Do you mean that you want to know information about the “ASP.NET Session” like this document? Maybe you could get some information from “ASP.NET State Management Overview”.

    If it is related to the ASP.net app, I suggest you post this issue to http://forums.asp.net where asp.net experts live in, and there you would get dedicated support. Thanks for your understanding.

    Best Regards,


    Jack Zhai [MSFT]

    Monday, January 28, 2013 9:19 AM

All replies

  • This is helpful enough for me... Thanks a lot Konrad ;)
    Tuesday, February 26, 2013 3:23 PM
  • Thank you Jack Zhai,

    I am new here and I didn't find where I can share that...

    I am sorry for my fault and thank you again:)

    Tuesday, February 26, 2013 3:26 PM