关闭

[置顶] 获取SQL Server 数据库中Session的值

标签: session数据库sql serverstring存储application
3611人阅读 评论(0) 收藏 举报
分类:

在asp.net 中,session可存储于数据库,但怎样在其他应用中获取数据库存放session的值呢?

怎样把session存储在数据库中的参考文章 http://blog.csdn.net/ojekleen/article/details/7377126 

现再展示数据库中存储session数据模型

      ASP.NET Session状态数据库数据模型
  1.ASPStateTempSessions表定义

列名 类型 描述
SessionId nvarchar(88) Session ID + application ID
Created datetime Date and time session was created (UTC)
Expires datetime Date and time session expires (UTC)
LockDate datetime UTC date and time session was locked
LockDateLocal datetime Local date and time session was locked
LockCookie int Lock ID
Timeout int Session timeout in minutes
Locked bit 1=Session locked, 0=Session not locked
SessionItemShort varbinary(7000) Serialized session state (if <= 7,000 bytes)
SessionItemLong image Serialized session state (if > 7,000 bytes)
Flags int Session state flags (1=Uninitialized session)

  2.ASPStateTempApplications表定义
列名 类型 描述
AppId int Application ID
AppName char(280) Application name

表aspstatetempsessions存储session具体信息 ,sessionitemshort或者sessionitemlong存储session序列化后的值。

session序列化状态后的值t在小于或等于7000字节的情况下存储在sessionitemshor字段,当session序列化状态后的值长于7000则存储于sessionitemlong字段中。sessionid为网站中的sessionid 加上 aspstatetempapplications中的appid, appid为标准8位,在数据库中的sessionid的后8位为appid.即substring(sessionid,1,8)与网站中sessionid比对就为相同, 当网站执行 Session.Abandon(); 后,aspstatetempsessions表中会自动删除相应数据行。

以下代码为根据网站sessionid查询aspstatetempsessions表获取session值。

 /// <summary>
    /// aspstatetempsessions表映射实体
    /// </summary>
    public class SSOSessionEntity
    {
        private string sessionId;
        private DateTime created;
        private DateTime expires;
        private DateTime lockDate;
        private DateTime lockDateLocal;
        private int lockCookie;
        private int timeOut;
        private bool locked;
        private byte[] sessionItemShort;
        private byte[] sessionItemLong;
        private int flags;

        public string SessionId
        {
            get { return this.sessionId; }
            set { this.sessionId = value; }
        }

        public DateTime Created
        {
            get { return this.created; }
            set { this.created=value; }
        }

        public DateTime Expires
        {
            get { return this.expires; }
            set { this.expires = value; }
        }

        public DateTime LockDate
        {
            get { return this.lockDate; }
            set { this.lockDate = value; }
        }

        public DateTime LockDateLocal
        {
            get { return this.lockDateLocal; }
            set { this.lockDateLocal = value; }
        }

        public int LockCooKie
        {
            get { return this.lockCookie; }
            set { this.lockCookie = value; }
        }

        public int TimeOut
        {
            get { return this.timeOut; }
            set { this.timeOut = value; }
        }

        public bool Locked
        {
            get { return this.locked; }
            set { this.locked = value; }
        }

        public byte[] SessionItemShort
        {
            get { return this.sessionItemShort; }
            set { this.sessionItemShort = value; }
        }

        public byte[] SessionItemLong
        {
            get { return this.sessionItemLong; }
            set { this.sessionItemLong = value; }
        }

        public int Flags
        {
            get { return this.flags; }
            set { this.flags = value; }
        }
    }

public interface ISessionDal
    {
        /// <summary>
        /// 通过sessionid获取实体,具体实现为查询数据库返回dbdatareader并赋值于实体实例
        /// sql: select * from dbo.ASPStateTempSessions where substring(sessionid,1,len(sessionid)-8)=@sessionid
        /// </summary>
        /// <param name="sessionId">sessionid</param>
        /// <returns>SSOSessionEntity实例</returns>
        SSOSessionEntity GetEntity(string sessionId);
    }

关键问题怎样把sessionitem反序列化。代码如下:

/// <summary>
        /// 通过key获取session
        /// </summary>
        /// <param name="sentity">SSOSessionEntity实例</param>
        /// <param name="sessionkey">Sesssin["sessionkey"]获取中的key</param>
        /// <returns>Session[""]获取的值,未类型转换</returns>
        public object GetSession(SSOSessionEntity sentity,string sessionkey)
        {
            object obj = null;

            System.IO.MemoryStream stream = new System.IO.MemoryStream();
            System.IO.BinaryReader reader = new System.IO.BinaryReader(stream);
            stream.SetLength(0);

            if (sentity.SessionItemShort != null)
                stream.Write(sentity.SessionItemShort, 0, sentity.SessionItemShort.Length);
            else
                stream.Write(sentity.SessionItemLong, 0, sentity.SessionItemLong.Length);

            stream.Seek(0, System.IO.SeekOrigin.Begin);
            reader.ReadInt32();
            bool bol_flag = reader.ReadBoolean();
            reader.ReadBoolean();
            if (bol_flag)
            {
                System.Web.SessionState.SessionStateItemCollection sessionItems = System.Web.SessionState.SessionStateItemCollection.Deserialize(reader);
                foreach (string key in sessionItems.Keys)//当前sessionid中所有session
                {
                    if (sessionkey.Equals(key))
                    {
                        obj = sessionItems[key];
                        break;
                    }
                }
            }

            return obj;
        }

在编写同域名单点登录时,可在登录点创建sessionid和其他可公开的验证信息的cookie,在其他二级域名验证是否登录时,可先获取cookie中sessionid及其他公开信息,查询数据库是否具有当前sessionid并进行比较,获取session值后可进行其他公开信息进一步验证。其他公开信息比如:用户名或者用户编号。




0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:234990次
    • 积分:2906
    • 等级:
    • 排名:第12228名
    • 原创:24篇
    • 转载:102篇
    • 译文:0篇
    • 评论:95条
    文章分类
    最新评论