SessionStateSection.Cookieless SessionStateSection.Cookieless SessionStateSection.Cookieless SessionStateSection.Cookieless Property


获取或设置一个值,该值指示是否使用 Cookie 标识客户端会话。Gets or sets a value indicating whether cookies are used to identify client sessions.

 property System::Web::HttpCookieMode Cookieless { System::Web::HttpCookieMode get(); void set(System::Web::HttpCookieMode value); };
public System.Web.HttpCookieMode Cookieless { get; set; }
member this.Cookieless : System.Web.HttpCookieMode with get, set
Public Property Cookieless As HttpCookieMode


如果所有请求都被视为无 Cookie,则为 true;如果没有任何请求被视为无 Cookie,则为 false;或者为 HttpCookieMode 值之一。true if all requests are treated as cookieless, or false if no requests are treated as cookieless, or one of the HttpCookieMode values. 在 ASP.NET 2.0 版中,默认值为 AutoDetectThe default value in ASP.NET version 2.0 is AutoDetect. 在早期版本中,默认值为 falseIn earlier versions, the default value was false.


下面的代码示例演示如何获取Cookieless属性。The following code example demonstrates how to get the Cookieless property. 有关如何SessionStateSection SessionStateSection访问对象的详细说明, 请参阅类主题中的代码示例。Refer to the code example in the SessionStateSection class topic to learn how to access the SessionStateSection object.

// Display the current Cookieless property value.
Console.WriteLine("Cookieless: {0}",
' Display the current Cookieless property value.
Console.WriteLine("Cookieless: {0}", sessionStateSection.Cookieless)


会话状态可以通过两种方式来存储将客户端与服务器会话关联的唯一 ID: 在客户端上存储 HTTP cookie, 或对 URL 中的会话 ID 进行编码。There are two ways that session state can store the unique ID that associates the client with a server session: by storing an HTTP cookie on the client or by encoding the session ID in the URL. 将会话 ID 存储在 cookie 中会更安全, 但要求客户端浏览器支持 cookie。Storing the session ID in the cookie is more secure but requires the client browser to support cookies.

对于允许不支持 cookie 的客户端的应用程序 (如多种移动设备), 可以将会话 ID 存储在 URL 中。For applications that allow clients that do not support cookies, such as a variety of mobile devices, the session ID may be stored in the URL. URL 选项具有几个缺点。The URL option has several drawbacks. 它要求站点上的链接是相对的, 并且在会话开始时将使用新的查询字符串值重定向页面, 并且它会在查询字符串中公开会话 ID, 可以在该字符串中选取该会话 ID 以在安全攻击中使用。It requires that the links on the site be relative and that the page be redirected at the beginning of the session with new query-string values, and it exposes the session ID right in the query string, where it can be picked up for use in a security attack.

如果你需要支持缺少 cookie 支持的客户端, 则建议你仅使用无 cookie 模式。You are encouraged to use the cookieless mode only if you need to support clients that lack cookie support.

会话状态还支持另外两个选项UseDeviceProfile : AutoDetect和。Session state also supports two additional options: UseDeviceProfile and AutoDetect. 前者允许会话状态模块根据浏览器功能确定每个客户端上使用的模式 (cookie 或无 cookie)。The former enables the session-state module to determine what mode (cookie or cookieless) is used on a per-client basis based on the browser capabilities. AutoDetect选项使用浏览器执行握手, 以验证是否可以存储 cookie, 并因此需要额外的请求来做出决定。The AutoDetect option performs a handshake with the browser to verify whether a cookie may be stored, and therefore requires an additional request to make the determination. 如果需要支持无 cookie 的客户端, 则强烈UseDeviceProfile考虑使用只为需要它们的客户端生成无 cookie url。If you need to support cookieless clients, strongly consider using UseDeviceProfile to generate cookieless URLs only for clients that require them.


UP。Browser 4.1 或更高。浏览器 3.2 Redirect始终的行为方式与HttpBrowserCapabilities Cookieless SupportsRedirectWithCookie false对象的属性的值相同, 除非 web.config 的部分中的属性显式设置为SessionState true.With UP.Browser 4.1 or UP.Browser 3.2, Redirect always behaves as if the value of the SupportsRedirectWithCookie property of the HttpBrowserCapabilities object is false, unless the Cookieless property in the SessionState section of Web.config has been explicitly set to true.

在 ASP.NET 版本1.1 中, 此设置true的选项为或false, 但对于 ASP.NET 2.0, 将展开选项, 并且AutoDetect现在为默认设置。In ASP.NET version 1.1, the options for this setting were true or false, but with ASP.NET 2.0, the choices are expanded, and AutoDetect is now the default setting. 如果你的Cookieless Web 应用程序将属性设置为布尔值, 则Redirect应对这些浏览器按预期方式工作。If your Web application has the Cookieless property set to a Boolean value, then Redirect should work as expected for these browsers.