我正在尝试为我的 ASP.NET 网站实现“记住我”功能。
场景: 用户登录时未选中“记住我”复选框,之后他注销,或者直接关闭标签页/浏览器。
问题: 当用户再次回到登录页面时,他仍被视为已登录,就像他当初选中了“记住我”一样。
这是Login.aspx.cs的代码:
/// <summary>
/// Login page load handler. A visitor who presents a forms-authentication cookie and is
/// reported as authenticated is redirected to the profile page; a visitor without that
/// cookie has the session abandoned on the first (non-postback) load.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // The request cookies are kept in the page-level field.
    myCookies = Request.Cookies;
    HttpCookie ticketCookie = myCookies.Get(FormsAuthentication.FormsCookieName);

    if (ticketCookie == null)
    {
        // No forms cookie was sent: on a fresh GET, discard whatever session state is left.
        if (!Page.IsPostBack)
        {
            Session.Abandon();
        }
        return;
    }

    // Author's observation: the cookie is always present here and IsAuthenticated is always
    // true, even when "remember me" was not ticked.
    // NOTE(review): a non-persistent forms cookie is a browser session cookie. Closing a tab
    // does not discard it, and a browser that restores the previous session may keep it across
    // restarts, so its presence alone does not mean "remember me" was chosen. The logout code
    // is not shown; confirm it calls FormsAuthentication.SignOut().
    System.Security.Principal.IIdentity currentIdentity = HttpContext.Current.User.Identity;
    if (currentIdentity.IsAuthenticated)
    {
        //do some data loading
        Response.Redirect("~/default.aspx?p=Profil");
    }
}
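/// <summary>
/// Authenticate handler of the LoginUser control. Validates the credentials and, when
/// "remember me" is ticked, queues a persistent forms-authentication cookie that expires
/// together with its 30-day ticket.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Receives the authentication result in <c>e.Authenticated</c>.</param>
protected void LoginUser_Authenticate(object sender, AuthenticateEventArgs e)
{
    if (!userCredentialValid())
    {
        e.Authenticated = false;
        return;
    }

    // Drops every cookie already queued on this response, not only the forms cookie.
    Response.Cookies.Clear();

    if (LoginUser.RememberMeSet)
    {
        // One timestamp for both values, so issue date and expiry are exactly 30 days apart.
        DateTime issuedAt = DateTime.Now;
        DateTime expiryDate = issuedAt.AddDays(30);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, LoginUser.UserName, issuedAt, expiryDate, true, String.Empty);
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        HttpCookie formAuthCook = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        formAuthCook.Expires = ticket.Expiration; // the cookie lives exactly as long as the ticket
        formAuthCook.HttpOnly = true;             // not readable from script
        formAuthCook.Secure = true;               // only sent over HTTPS
        // NOTE(review): if the Login control also issues its own forms cookie once
        // e.Authenticated is true, two cookies with the same name are queued. Check the
        // response headers to see which expiry the browser ends up with.
        Response.Cookies.Add(formAuthCook);
    }
    // Without "remember me" nothing is queued here. The earlier code set Expires on the
    // request's copy of the cookie and called Response.Cookies.Remove(); neither puts a
    // Set-Cookie header on the response, so the browser never saw a deletion.
    // NOTE(review): the Login control is expected to issue a non-persistent forms cookie
    // after this handler, replacing an older cookie with the same name and path. Confirm.

    e.Authenticated = true;
}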
事先谢谢!
编辑:在Chrome和Firefox上测试过。
答案 0 :(得分:0)
我想我找到了一个解决方法!
我创建一个cookie来指定会话持久的时间:
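/// <summary>
/// Authenticate handler of the LoginUser control. With "remember me" ticked it queues a
/// persistent forms-authentication cookie and a "pSession" marker cookie with the same
/// expiry. Without it, it tells the browser to drop a marker left by an earlier login.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Receives the authentication result in <c>e.Authenticated</c>.</param>
protected void LoginUser_Authenticate(object sender, AuthenticateEventArgs e)
{
    if (!userCredentialValid())
    {
        e.Authenticated = false;
        return;
    }

    // Drops every cookie already queued on this response. One call is enough; the second
    // call inside the remember-me branch was redundant.
    Response.Cookies.Clear();

    if (LoginUser.RememberMeSet)
    {
        // Set the new expiry date: one day from now. The earlier comment said thirty days,
        // but the code adds one.
        DateTime issuedAt = DateTime.Now;
        DateTime expiryDate = issuedAt.AddDays(1);
        // Create and encrypt a persistent forms auth ticket.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, LoginUser.UserName, issuedAt, expiryDate, true, String.Empty);
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        // The authentication cookie expires together with the ticket.
        HttpCookie formAuthCook = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        formAuthCook.Expires = ticket.Expiration;
        formAuthCook.HttpOnly = true; // not readable from script
        formAuthCook.Secure = true;   // only sent over HTTPS

        // Marker cookie: its presence tells the login page that the session is persistent.
        // It carries no integrity protection and the browser can add or drop it freely, so
        // it is a hint for the page flow and not an access control. The ticket remains the
        // only thing that authenticates the user.
        HttpCookie sCookPersistent = new HttpCookie("pSession"); //In my code I use a constant for cookie name
        sCookPersistent.Value = "1";
        sCookPersistent.HttpOnly = true;
        sCookPersistent.Secure = true;
        sCookPersistent.Expires = ticket.Expiration;

        Response.Cookies.Add(formAuthCook);
        Response.Cookies.Add(sCookPersistent);
    }
    else
    {
        // The earlier code set Expires on the request's copy of each cookie and called
        // Response.Cookies.Remove(). Neither queues a Set-Cookie header, so a marker from a
        // previous remember-me login stayed in the browser. Queue an expired marker instead.
        if (Request.Cookies["pSession"] != null)
        {
            HttpCookie expiredMarker = new HttpCookie("pSession", String.Empty);
            expiredMarker.Expires = DateTime.Now.AddDays(-1);
            expiredMarker.HttpOnly = true;
            expiredMarker.Secure = true;
            Response.Cookies.Add(expiredMarker);
        }
        // NOTE(review): nothing is queued for the forms cookie here. The Login control is
        // expected to issue a non-persistent one after this handler, replacing an older
        // cookie with the same name and path. Confirm.
    }

    e.Authenticated = true;
}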
在页面加载中:
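// Decide whether the incoming forms cookie belongs to a "remember me" session.
HttpCookieCollection myCookies = Request.Cookies;
HttpCookie authCookie = myCookies.Get(FormsAuthentication.FormsCookieName);
bool authCookieValid = false;
if (authCookie != null)
{
    // The "pSession" marker is created at login when the remember-me checkbox is ticked.
    // The browser can add or drop it freely, so it only gates the check below. The
    // decision itself comes from the ticket, which the server encrypted.
    FormsAuthenticationTicket ticket = null;
    if (Request.Cookies["pSession"] != null && !string.IsNullOrEmpty(authCookie.Value))
    {
        try
        {
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (ArgumentException)
        {
            ticket = null; // malformed or tampered value: fail closed
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            ticket = null; // could not be decrypted or validated: fail closed
        }
    }

    // A non-empty cookie value is not proof of anything. Require a ticket that decrypts,
    // has not expired and was issued as persistent.
    authCookieValid = ticket != null && !ticket.Expired && ticket.IsPersistent;

    if (!authCookieValid)
    {
        // Queue an expired forms cookie so the browser drops it. This does not revoke the
        // ticket on the server: a copy of the cookie stays usable until the ticket's own
        // expiry, and User.Identity stays authenticated for the rest of this request.
        FormsAuthentication.SignOut();
    }
}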
这个做法并非万无一失(pSession 只是客户端可以自行添加或删除的标记,而且让浏览器丢弃 cookie 并不会使已签发的票据在服务器端失效),但目前够用。
如果你们有建议,请告诉我。 :)