【Question title】: A Problem About Shared Form Authentication Cookie On Multiple Pages
【Posted】: 2010-12-16 12:16:27
【Question】:

In my application I use forms authentication. My authentication code is as follows:

public static void Authenticate(bool redirectToPage, ISecurityUser user, params string[] roles)
    {
        FormsAuthentication.Initialize();
        GenericIdentity id = new GenericIdentity(user.UserName);
        ExtendedPrincipal principal = new ExtendedPrincipal(id, user, roles);
        //ExtendedPrincipal principal = new ExtendedPrincipal(id, user, new string[] { "1" });

        string compressedPrincipal = ConvertPrincipalToCompressedString(principal);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserName, DateTime.Now, DateTime.Now.AddMinutes(30), true, compressedPrincipal, FormsAuthentication.FormsCookiePath);

        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

        //cookie.HttpOnly = false;
        //cookie.Expires = DateTime.Now.AddMinutes(30);

        HttpContext.Current.Response.Cookies.Add(cookie);

        if (redirectToPage)
        {
            HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(user.UserName, true));
        }
    }

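The user object contains FirmID and DealerID properties. After logging in to the application, I can change the FirmID and DealerID from within the application. After the change, this code runs: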

public static void RefreshIdentitiy(ISecurityUser user)
    {
        HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
        HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

        ExtendedPrincipal principal = ConvertCompressedStringToPrincipal(ticket.UserData);
        principal.BindProperties(user);

        FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
        ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
        ticket.IsPersistent, ConvertPrincipalToCompressedString(principal), ticket.CookiePath);

        cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newticket));

        HttpContext.Current.Response.Cookies.Add(cookie);            
    }

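My problem is: when I open the application from a second page, the second page's cookie crushes the first page's. So the FirmID and DealerID on the first page change as well.

When I open the application from a second page, I don't want the cookie to crush the other one. What can I do about this problem?

【Comments】:

    Tags: c# asp.net authentication cookies forms-authentication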


    【Answer 1】:

    You should do something like this on all of your pages:

    if(Request.Cookies[FormsAuthentication.FormsCookieName]!=null)
    {
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
    
            cookie.HttpOnly = false;
            cookie.Expires = DateTime.Now.AddMinutes(30);
    
            HttpContext.Current.Response.Cookies.Add(cookie);
    }
    

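    Edit: My goal is to make sure you don't overwrite your cookie every time you go to a new page.

    【Comments】:

    • What is the purpose of the code you wrote? Can you explain what I am doing?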
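
An added example, not part of the original question or answer: a constructed console model (not ASP.NET itself) of why the two pages interfere when FirmID lives in the forms authentication cookie, next to one alternative that keeps only the identity in the cookie and stores the selection per window after an authorization check. The names `windowId`, `allowedFirms`, `windowFirm`, `SelectFirmInCookie` and `SelectFirmForWindow` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Constructed model: a browser profile has ONE cookie jar shared by all of its tabs.
class Demo
{
    static Dictionary<string, string> cookieJar = new Dictionary<string, string>();

    // Hypothetical server-side state: the firms each user may act for, and the
    // firm selected in each window, keyed by "user|windowId".
    static Dictionary<string, HashSet<int>> allowedFirms = new Dictionary<string, HashSet<int>>
    {
        { "alice", new HashSet<int> { 10, 20 } }
    };
    static Dictionary<string, int> windowFirm = new Dictionary<string, int>();

    // Pattern from the question: the selected firm is stored inside the auth cookie.
    static void SelectFirmInCookie(string user, int firmId)
    {
        cookieJar[".ASPXAUTH"] = user + ";FirmID=" + firmId; // replaces the value for every tab
    }

    // Alternative: the cookie carries identity only; the selection is stored per window.
    // windowId and firmId arrive from the client, so every change is authorized first.
    static bool SelectFirmForWindow(string user, string windowId, int firmId)
    {
        HashSet<int> firms;
        if (!allowedFirms.TryGetValue(user, out firms) || !firms.Contains(firmId))
            return false;
        windowFirm[user + "|" + windowId] = firmId;
        return true;
    }

    static void Main()
    {
        SelectFirmInCookie("alice", 10); // first page
        SelectFirmInCookie("alice", 20); // second page, same browser
        Console.WriteLine("Cookie seen by first page: " + cookieJar[".ASPXAUTH"]);

        cookieJar[".ASPXAUTH"] = "alice"; // identity only
        SelectFirmForWindow("alice", "w1", 10);
        SelectFirmForWindow("alice", "w2", 20);
        Console.WriteLine("First page firm: " + windowFirm["alice|w1"]);
        Console.WriteLine("Second page firm: " + windowFirm["alice|w2"]);
        Console.WriteLine("Firm 99 accepted: " + SelectFirmForWindow("alice", "w2", 99));
    }
}
```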