POLL: Session management methods - your preferences

shahnazz

Assalamu'alaikum dan selamat sejahtera.

Another poll for you guys, as usual contributorswill get credits for their input.

Dalam web programming, ASP.NET, PHP, J2EE etc mesti korang ada guna session management. If you are a coder or programmer, what are your preferred methods of session management? You may select more than one option, and hope to get your input on your choice of selection.

Hope to get your input

Explanation of methods are explained below:

Cookies
- self-explanatory

Hidden fields
- using FORM INPUT hidden tags

URL encoding / rewriting
- references to URLs are encoded to include the session ID

Content-based routing
- load balancer knows which server to be redirected

Store state in database
- stores session information in a database, allows use of session clustering

Distributed sessions / session affinity
- using standard session management methods and/or classes (eg: HttpSession for J2EE)

Others
- other available methods

Regards,
shahnazz

aisirie99

hi,
hmmm guess i still remember this session state mgmt. Sure, any one in .net will encounter these too. Utk ASP.net app, i biasa guna benda2 alah ni ikut kesesuaian . most probably i'll take the following consideration into my selection criteria:

1. Query string.
Paling senang,sempoi..but it is directly visible to users. Not secured. Not support for strucructured data types. So, akan limitkan amount of data to embed in URL.  

2. Cookies
yup..can store small packets of info. In a key-value pair manner on the client side.
sesuai utk store less sensitive data. But x berapa secured, may be tampered with.
Lagi satu, certain browser may override rules for cookies expiration.

3. Hidden fields
-Not a good choice la for storing secured info. if not mistaken, the more you store , the more it'll increase the html file size..so impact performance wise-  slow melow laa hehe.
Still you can view the html source code.

4. ViewState
Some sort of hidden fields juga,
Ni, easy to configure, but require coding effort. But still increase html size.Secure by its encrpytion techniques. Only works when a page postback to itself.

These are all that i used for Client-Side State Mgmt. On the other hand, for Server Side State Mgmt ...i guess the preferred way is by Session State..ideally for users session.
hmm...Application State for the app level.

I guess this is my understanding from last time. Sure the ways evolve as the technology itself.
Not so sure about the latest.

cheers,

ultra78

aku pakai stateserver utk maintain ASP.Net session.Masuk dlm kategori cookies ke? hmmm...sebab aku suka ialah walaupun kita re-deploy webapp atau restart webapp,session masih maintain dan user tak perlu relogin.

slier81

I dont know what this method call...i save it like this
//save user preference..
$_SESSION[userName]=$userName;
$_SESION[auth]="yes"
.
.

p/s:i thought it must be Distributed sessions / session affinity
p/s:im not encouraging save ur session as a hidden field...its' easily tampered using javascript injection..dont use it :kant::kant:

[ Last edited by  slier81 at 27-7-2007 01:24 AM ]

shahnazz

ya betul, distributed sessions / session affinty

slier81

oooo yer ker...thanks moderator...

shahnazz

Hehe, takde respons yang memberangksangkan utk poll ni ye... soalan agak teknikal kot...

Poll masih dibuka, sesiapa yang boleh contribute to the poll and post a message in this thread saya akan bagi kredit.

artgeex

aku tak faham, tapi aku familiar jugakla part cookies dengan hidden fields je, yang lain tu belum tahu lagi hehe

naikAntena

aku x tahu sgt kategori session nihh.. tp kebanyakan module,
aku guna imports system.web.sessionstate..... itu jek pastuhh
Session("Box" ) = txtBox.Text atau  session("rowID" )=  CType(e.Item.Cells(0).Controls(1), Label).Text....
(kategori mane nihh...)

bdk baru nk berjinakk.. kekadang taip jek.. x tahu konsep pun...(nk kn rujuk msdn library blk ah)

[ Last edited by  naikAntena at 13-12-2007 12:19 PM ]