HttpSessionState.SessionID HttpSessionState.SessionID HttpSessionState.SessionID HttpSessionState.SessionID Property

定義

取得工作階段的唯一識別項。Gets the unique identifier for the session.

public:
 property System::String ^ SessionID { System::String ^ get(); };
public string SessionID { get; }
member this.SessionID : string
Public ReadOnly Property SessionID As String

屬性值

唯一工作階段識別項。The unique session identifier.

範例

下列程式碼範例示範設定所要使用無 cookie 工作階段識別碼的工作階段狀態的 Web.config 檔案。The following code example shows a Web.config file that configures session state to use cookieless session identifiers. 如需詳細資訊,請參閱 IsCookieless 屬性 (Property)。For more information, see the IsCookieless property.

<configuration>  
  <system.web>  
    <sessionState   
      cookieless="true"  
      regenerateExpiredSessionId="true"  
      timeout="30" />  
  </system.web>  
</configuration>  

備註

SessionID屬性用來唯一識別伺服器上的工作階段資料的 瀏覽器。The SessionID property is used to uniquely identify a browser with session data on the server. SessionID隨機 ASP.NET 產生並儲存在瀏覽器中不會過期工作階段 cookie 值。The SessionID value is randomly generated by ASP.NET and stored in a non-expiring session cookie in the browser. SessionID值,便會與 ASP.NET 應用程式的每個要求的 cookie 中。The SessionID value is then sent in a cookie with each request to the ASP.NET application.

如果您想要停用使用 ASP.NET 應用程式中的 cookie,並仍能使用的工作階段狀態,您可以設定您的應用程式的 URL,而非 cookie 中儲存的工作階段識別碼,藉由設定cookieless屬性的sessionState組態項目true,或UseUri,在您的應用程式的 Web.config 檔案中。If you want to disable the use of cookies in your ASP.NET application and still make use of session state, you can configure your application to store the session identifier in the URL instead of a cookie by setting the cookieless attribute of the sessionState configuration element to true, or to UseUri, in the Web.config file for your application. 您可以判斷是否 cookie 支援瀏覽器所指定的值為 ASP.NETUseDeviceProfile針對cookieless屬性。You can have ASP.NET determine whether cookies are supported by the browser by specifying a value of UseDeviceProfile for the cookieless attribute. 您也可以讓 ASP.NET 決定是否啟用 cookie 的瀏覽器所指定的值是AutoDetect針對cookieless屬性。You can also have ASP.NET determine whether cookies are enabled for the browser by specifying a value of AutoDetect for the cookieless attribute. 如果支援 cookie 時UseDeviceProfile已指定,或已啟用時AutoDetect指定,則工作階段識別碼會儲存在 cookie 中; 否則為將會在 URL 中儲存的工作階段識別碼。If cookies are supported when UseDeviceProfile is specified, or enabled when AutoDetect is specified, then the session identifier will be stored in a cookie; otherwise the session identifier will be stored in the URL. 如需詳細資訊,請參閱 IsCookieless 屬性 (Property)。For more information, see the IsCookieless property.

SessionID伺服器與瀏覽器之間傳送純文字,在 cookie 中,或在 URL 中。The SessionID is sent between the server and the browser in clear text, either in a cookie or in the URL. 如此一來,不必要的來源無法存取另一位使用者的工作階段取得SessionID值並將它加入至伺服器的要求中。As a result, an unwanted source could gain access to the session of another user by obtaining the SessionID value and including it in requests to the server. 如果您要在工作階段狀態儲存私人或機密資訊,建議您搭配使用 SSL 來加密之間的瀏覽器和伺服器,其中包含的所有通訊SessionIDIf you are storing private or sensitive information in session state, it is recommended that you use SSL to encrypt any communication between the browser and server that includes the SessionID.

當使用以 cookie 為基礎的工作階段狀態時,ASP.NET 不會配置儲存體的工作階段資料,直到Session物件使用。When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. 如此一來,將新的工作階段識別碼產生的每個頁面要求,直到存取工作階段物件。As a result, a new session ID is generated for each page request until the session object is accessed. 如果您的應用程式需要靜態的工作階段識別碼的整個工作階段,您可以實作Session_Start方法,在應用程式的 Global.asax 檔案並將資料儲存在Session物件來修正工作階段識別碼,或您可以使用程式碼中的另一個組件您的應用程式明確地將資料儲存在Session物件。If your application requires a static session ID for the entire session, you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID, or you can use code in another part of your application to explicitly store data in the Session object.

如果您的應用程式會使用無 cookie 工作階段狀態,工作階段識別碼會在第一個頁面檢視上產生和維護整個工作階段。If your application uses cookieless session state, the session ID is generated on the first page view and is maintained for the entire session.

適用於

另請參閱