【发布时间】:2015-11-22 18:57:20
【问题描述】:
我正在开发一个 asp-mvc 应用程序,并希望设置所有具有安全属性的 cookie。我阅读了类似的主题并在我的网络配置中添加了以下内容:
<httpCookies httpOnlyCookies="true" requireSSL="true" />
还创建了一个 HttpModule,我已经通过 web config 注册并实现了它,如下所示: 我已经检查了调试,并且每个请求都到达 OnApplicationBeginRequest 和 OnApplicationEndRequest 代码。
public class SecureSessionModule : IHttpModule
{
public void Init(HttpApplication context)
{
context.BeginRequest += OnApplicationBeginRequest;
context.EndRequest += OnApplicationEndRequest;
}
void OnApplicationBeginRequest(object sender, EventArgs e)
{
HttpRequest currentRequest = ((HttpApplication)sender).Request;
HttpCookie requestCookie = RetrieveRequestCookie(currentRequest, "ASP.NET_SessionId");
if (requestCookie != null)
{
requestCookie.Secure = true;
}
}
void OnApplicationEndRequest(object sender, EventArgs e)
{
HttpRequest currentRequest = ((HttpApplication)sender).Request;
HttpCookie sessionCookie = RetrieveResponseCookie(((HttpApplication)sender).Response, "ASP.NET_SessionId");
if (sessionCookie != null)
{
sessionCookie.Secure = true;
}
}
private HttpCookie RetrieveResponseCookie(HttpResponse currentResponse, string cookieName)
{
HttpCookieCollection cookies = currentResponse.Cookies;
return FindTheCookie(cookies, cookieName);
}
private HttpCookie FindTheCookie(HttpCookieCollection cookieCollection, string cookieName)
{
for (int i = 0; i < cookieCollection.Count; i++)
{
if (string.Compare(cookieCollection[i].Name, cookieName, true, CultureInfo.InvariantCulture) == 0)
return cookieCollection[i];
}
return null;
}
现在,我在请求中打开了 fiddler:
Request sent 42 bytes of Cookie data:
ASP.NET_SessionId=XXXXXXXXXXXXXXXXXXX
and that's it
作为响应,“此响应未设置任何 cookie”。
应用程序似乎忽略了我的所有设置。请问有什么建议吗?
【问题讨论】:
-
你是如何用 webconfig 实际注册这个 http 模块的?
-
@misha130
标签: c# asp.net-mvc cookies