Reputation: 137
What is the difference between storing data in a session or the httpcontext object
I'm building a MVC3 application that needs to store secure user information such as userid, username, phone, and email. In my research I see people using the httpcontext object as well storing user objects in session state.
Session["User"] = user;
The previous data being stored in the user object. I'm wondering what the difference is between Session[""] and HttpContext object is and if either of these methods are a secure way to store this data.
Thanks for your thoughts!
Upvotes: 0
Views: 698
Answers (1)
Reputation: 30152
HttpContext.Current.Items is a per-request store. It is not accessible to other users.
Session is a per USER store. It has a bad air surrounding it with performance as the session is locked per that users sessionid for each request, so overlapping requests can have performance issues in waiting for the object to become available.
Both are not available to other users unless in the case of session, someone steals (sniifs on the network) the session id and hijacks that session. Even then the data isn't accessible unless you have a trace page but keep in mind then the evil user may be able to surf pages as a different user if able to steal that and forms auth token (as just one example)
Upvotes: 2
Related Questions
- Difference between Session and HttpContext.Current.Session
- HttpSessionStateBase vs HttpContext.Current.Session
- HttpContext.Cache Add vs Insert and Session
- System.Web.HttpContext vs System.Web.MVC.HttpContext
- Why HttpContext is better to access Session variable than Session directly
- HttpContext.Current.Session vs Context.Session
- Can I use HttpContext.Application instead of Session to store session specific data?
- what is the difference between ControllerContext.HttpContext.Session and HttpContext.Current.Session
- MVC - SQL Session State vs Storing values in db
- Different ways of storing data in session state