
Why is it a bad idea to use Session to store state in high traffic websites?

I am watching the ASP.NET learn videos on asp.net/learn. In this tutorial, they are building a quiz engine. At one point, the narrator explains that we are going to use the Session object to maintain the state between each page (each page contains a question and four answers). He says that "since this is a low traffic website" it is okay to use Session and that he doesn't have the time to implement a more sophisticated method.

I am just wondering what alternate method(s) is he hinting at? And why is session a bad choice for a high traffic website?

MedicineMan asked Apr 20 '09 17:04



2 Answers

Storing data in a database, or in cookies or some other method that is not directly tying up web server memory.

In addition to load, session also raises issues with the ability to use farms since you would either need to synchronize the session across the farm, or make sessions sticky, which can impact scalability.

Jason Coyne answered Dec 04 '22 22:12
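
The cookie alternative from the answer above, as an added example that is not part of the original answer or the tutorial: the quiz progress travels in an HMAC-signed cookie value, so any server in the farm that holds the same key can verify it without sticky sessions or session synchronization. The class name, the key and the state string are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: quiz progress kept in an HMAC-signed cookie value instead of Session.
static class SignedState
{
    static byte[] Mac(byte[] key, byte[] data)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(data);
    }

    // Returns "base64(payload).base64(mac)", usable as a cookie value.
    public static string Protect(string state, byte[] key)
    {
        byte[] payload = Encoding.UTF8.GetBytes(state);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(Mac(key, payload));
    }

    // Any farm node holding the same key can verify; no server memory is tied up per user.
    public static bool TryUnprotect(string cookie, byte[] key, out string state)
    {
        state = null;
        string[] parts = (cookie ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, mac;
        try { payload = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        byte[] expected = Mac(key, payload);
        if (mac.Length != expected.Length) return false;
        int diff = 0; // accumulate differences so the comparison time does not depend on content
        for (int i = 0; i < expected.Length; i++) diff |= mac[i] ^ expected[i];
        if (diff != 0) return false;
        state = Encoding.UTF8.GetString(payload);
        return true;
    }

    static void Main()
    {
        // Constructed demo key; a real deployment shares one random secret across the farm.
        byte[] farmKey = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");
        string cookie = Protect("question=3;correct=2", farmKey); // issued by one node
        string state;
        Console.WriteLine(TryUnprotect(cookie, farmKey, out state)); // checked by another node
        // Constructed tampering case: the user edits the payload but keeps the old MAC.
        string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes("question=3;correct=3"))
                        + cookie.Substring(cookie.IndexOf('.'));
        Console.WriteLine(TryUnprotect(forged, farmKey, out state));
    }
}
```

The signature only stops modification: the user can still read the payload and replay an older cookie, so state that must stay secret or strictly ordered still belongs on the server, for example in the database the answer mentions.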


For alternatives you can read the article Nine Options for Managing Persistent User State in Your ASP.NET Application.

In the article, the author explains the pros and cons of each method.

From the summary:

ASP.NET provides many different ways to persist data between user requests. You can use the Application object, cookies, hidden fields, the Session or Cache objects, and lots of other methods. Deciding when to use each of these can sometimes be difficult. This article will introduce the aforementioned techniques and present some guidelines on when to use them. Although many of these techniques existed in classic ASP, best practices for when to use them have changed with the introduction of the .NET Framework. To persist data in ASP.NET, you'll have to adjust what you learned previously about handling state in ASP.

eKek0 answered Dec 04 '22 22:12