ASP.NET Membership returns the SAME session information for every user

Time: 2013-05-23 17:31:07

Tags: asp.net asp.net-membership

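I have an ASP.NET Membership application. I log in as "JONNY", which succeeds. RUPERT then (from a different PC, in a different location) hits the members area, and he is not prompted to log in, but he sees Jonny's profile and information. It is as if Jonny had clicked "Remember Me" and then Rupert came along to the SAME machine and clicked the link - in that case I would expect Rupert to see Jonny's page, because it is on the SAME machine and Jonny has not logged out. But these two people are in different places, on different machines, with different IPs, and so on.

How is this possible?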

    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            // user is logged in here, we know the username is valid...
            var memberStore = new MemberStore();
            var member = memberStore.GetMemberByUsername(model.UserName);

            // but now check if they've confirmed their email
            // if not, sign the session out and show inactive account view...
            if (!member.IsActive)
            {
                FormsAuthentication.SignOut();
                return View("AccountNotActive");

            }
            string[] roleNames = Roles.GetRolesForUser(model.UserName);

            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

            Settings.Setting.UserSession.Member = member;
            var viewModel = new MyProfileViewModel { Member = memberStore.GetMemberByUsername(model.UserName) };
            viewModel.Role = roleNames[0];

            return View("MyProfile", viewModel);
        }

        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }

    public ActionResult Logout()
    {
        Settings.Setting.UserSession.Member = null;
        FormsAuthentication.SignOut();
        return View("LoggedOut");
    }

1 answer:

Answer 0: (score: 2)

Writing an answer so that I can show code. A possible quick fix could look something like this:

    public static class UserSession
    {
        public static SiteMember Member
        {
            get
            {
                return HttpContext.Current.Session["Member"] as SiteMember;
            }
            set
            {
                HttpContext.Current.Session["Member"] = value;
            }
        }
    }

The static member is fine here, because the implementation works with values that are specific to the current user's session.
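
The following console program is an added illustration, not code from the question or the answer. It assumes the original `Settings.Setting.UserSession.Member` was backed by a plain static field (the question does not show it) and contrasts that with the answer's session-backed accessor; `LeakyUserSession`, `FakeSession` (a stand-in for `HttpContext.Current.Session`), `ScopedUserSession`, `Demo` and the session ids are hypothetical names.

```csharp
using System;
using System.Collections.Generic;

public class SiteMember { public string UserName; }  // constructed stand-in

// Assumed "before": one static slot per AppDomain, shared by every visitor.
public static class LeakyUserSession { public static SiteMember Member { get; set; } }

// Stand-in for HttpContext.Current.Session: one bag per session id.
public static class FakeSession
{
    public static string CurrentId;  // set per simulated request
    static readonly Dictionary<string, Dictionary<string, object>> Bags =
        new Dictionary<string, Dictionary<string, object>>();
    public static Dictionary<string, object> Current
    {
        get
        {
            if (!Bags.ContainsKey(CurrentId))
                Bags[CurrentId] = new Dictionary<string, object>();
            return Bags[CurrentId];
        }
    }
}

// "After", same shape as the answer: static accessor, per-session storage.
public static class ScopedUserSession
{
    public static SiteMember Member
    {
        get { object v; FakeSession.Current.TryGetValue("Member", out v); return v as SiteMember; }
        set { FakeSession.Current["Member"] = value; }
    }
}

public static class Demo
{
    public static void Main()
    {
        FakeSession.CurrentId = "jonny-session";   // Jonny logs in
        LeakyUserSession.Member = new SiteMember { UserName = "JONNY" };
        ScopedUserSession.Member = new SiteMember { UserName = "JONNY" };
        FakeSession.CurrentId = "rupert-session";  // Rupert's request, never logged in
        Console.WriteLine("static field:  " + (LeakyUserSession.Member?.UserName ?? "(none)"));
        Console.WriteLine("session store: " + (ScopedUserSession.Member?.UserName ?? "(none)"));
    }
}
```

The static field still holds Jonny's record during Rupert's request, while the session-backed property returns nothing for a session that never logged in.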