我的Cookie管理代码存在问题。在每个页面上,我都会查看是否已设置键值。我的问题是,查看cookie会创建一个空cookie。
在本地,我可以查看cookie,然后设置键值,这一切都与世界一致。但是当我将代码移动到测试服务器时,一切都表现不同。例如,在本地,只发出一个cookie(以chrome的工具显示)。在服务器上,使用相同的代码发出2个cookie。
我大约4年前编写了这段代码,当HttpCookie行为发生变化时,它是为.net 2.0设计的,因此如果cookie不存在,那么查看cookie就会创建一个空的。以前,在.Net 1.1中返回null。现在我想知道在2.0和4.0之间发生了一些根本性的改变。
我应该注意到我的本地计算机是Windows 7,而服务器是Windows 2003服务器 - 而不是它应该有所不同。唯一需要注意的是该应用程序正在服务器上的虚拟目录中运行。这会在问题中发挥作用吗?我不确定。我尝试将cookie的路径设置为虚拟目录的路径而没有运气。
我的cookie有几个层,包括用于直接处理http cookie的基础层,可以打开或关闭以进行调试的加密层,然后是管理层。我将分享我的代码,希望我的逻辑中有一个明显的错误。
我还想提一下,我正在使用FormsAuthentication cookie进行其他操作。这个cookie用于一些无关但必需的数据。
我的基本cookie层:
public abstract class BaseCookie
{
#region Private Variables
private string cookieName;
private int timeout = 30;
private ExpirationMode expirationMode = ExpirationMode.SlidingExpiration;
private string domain;
private bool httpOnly = true;
private string path = "/";
private bool secure;
private string cookieValue;
#endregion
#region Public Properties
/// <summary>
/// The name of the cookie as it appears in the request and response
/// </summary>
protected string CookieName
{
get { return cookieName; }
set { cookieName = value; }
}
/// <summary>
/// The expiration mode of the cookie (default SlidingExpiration)
/// </summary>
public ExpirationMode ExpirationMode
{
get { return expirationMode; }
}
/// <summary>
/// The timeout in minutes (default 30)
/// </summary>
public int Timeout
{
get { return timeout; }
set { timeout = value; }
}
/// <summary>
/// The cookie domain (default String.Empty)
/// </summary>
public string Domain
{
get { return domain; }
set { domain = value; }
}
/// <summary>
/// Whether or not the cookie is http only (default true)
/// </summary>
public bool HttpOnly
{
get { return httpOnly; }
set { httpOnly = value; }
}
/// <summary>
/// The path of the cookie (default "/")
/// </summary>
public string Path
{
get { return path; }
set { path = value; }
}
/// <summary>
/// Whether or not the cookie supports https (default false)
/// </summary>
public bool Secure
{
get { return secure; }
set { secure = value; }
}
/// <summary>
/// The Value of the cookie (NOTE: this should only be used for setting the value when calling AppendNewCookie().
/// This will not change the value of the cookie after initialization. Use SetCookieValue and GetCookieValue after initialization.
/// </summary>
public string Value
{
get { return cookieValue; }
set { cookieValue = value; }
}
/// <summary>
/// The cookie in the Request
/// </summary>
private HttpCookie RequestCookie
{
get
{
return HttpContext.Current.Request.Cookies.Get(CookieName);
}
}
/// <summary>
/// The cookie in the Response
/// </summary>
private HttpCookie ResponseCookie
{
get
{
return HttpContext.Current.Response.Cookies.Get(CookieName);
}
}
#endregion
#region Constructors
/// <summary>
/// Constructor setting the name of the cookie with Sliding Expiration
/// </summary>
/// <param name="cookieName">the name of the cookie</param>
public BaseCookie(string cookieName)
: this(cookieName, ExpirationMode.SlidingExpiration)
{
}
/// <summary>
/// Constructor setting the name of the cookie and the expiration mode
/// </summary>
/// <param name="cookieName">the name of the cookie</param>
/// <param name="expirationMode">the Olympus.Cookies.ExpirationMode of the cookie</param>
public BaseCookie(string cookieName, ExpirationMode expirationMode)
{
this.cookieName = cookieName;
CookieConfig config = Configuration.CookieConfiguration.Cookies[cookieName];
if (config != null)
{
Domain = config.Domain;
HttpOnly = config.HttpOnly;
Path = config.Path;
Secure = config.Secure;
Timeout = config.Timeout;
}
//EnsureCookie();
}
#endregion
/// <summary>
/// This method ensures that the cookie is not empty if it exists in either the request or response.
/// Due to changes in the cookie model for 2.0, this step is VITAL to cookie management.
/// </summary>
protected void EnsureCookie()
{
//if the cookie doesn't exist in the response (hasn't been altered or set yet this postback)
if (IsNull(ResponseCookie))
{
//if the cookie exists in the request
if (!IsNull(RequestCookie))
{
//get the cookie from the request
HttpCookie cookie = RequestCookie;
//update the expiration
if (ExpirationMode == ExpirationMode.NoExpiration)
{
cookie.Expires = DateTime.Now.AddYears(10);
}
else
{
cookie.Expires = DateTime.Now.AddMinutes(Timeout);
}
//set the cookie into the response
HttpContext.Current.Response.Cookies.Set(cookie);
}
else
{
//if the response and request cookies are null, append a new cookie
AppendNewCookie();
}
}
}
/// <summary>
/// Append an empty cookie to the Response
/// </summary>
public virtual void AppendNewCookie()
{
HttpCookie cookie = new HttpCookie(CookieName);
cookie.Domain = Domain;
cookie.HttpOnly = HttpOnly;
cookie.Path = Path;
cookie.Secure = Secure;
cookie.Value = Value;
if (ExpirationMode == ExpirationMode.NoExpiration)
{
cookie.Expires = DateTime.Now.AddYears(10);
}
else
{
cookie.Expires = DateTime.Now.AddMinutes(Timeout);
}
HttpContext.Current.Response.Cookies.Add(cookie);
}
/// <summary>
/// Determine if the Cookie is null.
/// </summary>
/// <remarks>
/// Due to changes in the 2.0 cookie model, looking in the request or respnse creates an empty cookie with an
/// expiration date of DateTime.MinValue. Previously, a null value was returned. This code calls one of these
/// empty cookies a null cookie.
/// </remarks>
/// <param name="cookie">the cookie to test</param>
/// <returns>System.Boolean true if the cookie is "null"</returns>
protected static bool IsNull(HttpCookie cookie)
{
if (cookie == null)
{
return true;
}
else
{
if (String.IsNullOrEmpty(cookie.Value) && cookie.Expires == DateTime.MinValue)
{
return true;
}
}
return false;
}
/// <summary>
/// Update the expiration of the response cookie
/// <remarks>
/// If this is not done, the cookie will never expire because it will be updated with an expiry of DateTime.Min
/// </remarks>
/// </summary>
protected void SetExpiration()
{
if (ExpirationMode == ExpirationMode.NoExpiration)
{
ResponseCookie.Expires = DateTime.Now.AddYears(10);
}
else
{
ResponseCookie.Expires = DateTime.Now.AddMinutes(Timeout);
}
}
/// <summary>
/// Set the value of a cookie.
/// </summary>
/// <remarks>
/// Setting value will override all attributes.
/// </remarks>
/// <param name="value">the value to set the cookie</param>
public virtual void SetCookieValue(string value)
{
//EnsureCookie();
ResponseCookie.Value = value;
SetExpiration();
}
/// <summary>
/// Get the default value (the first value) of the cookie
/// </summary>
/// <remarks>
/// Getting the value only returns the first value (values[0]) because it has no key.
/// </remarks>
/// <returns>System.String</returns>
public virtual string GetCookieValue()
{
//EnsureCookie();
string returnValue = "";
if (RequestCookie.Values.Count > 0)
{
returnValue = RequestCookie.Values[0];
}
return returnValue;
}
/// <summary>
/// Set a key/value pair
/// </summary>
/// <param name="key">the key for the pair</param>
/// <param name="value">the value to assign to the key</param>
public virtual void SetKeyValue(string key, string value)
{
//EnsureCookie();
ResponseCookie.Values.Set(key, value);
SetExpiration();
}
/// <summary>
/// Get a value for a given key
/// </summary>
/// <param name="key">the key to find a value of</param>
/// <returns>System.String</returns>
public virtual string GetKeyValue(string key)
{
//EnsureCookie();
return RequestCookie.Values[key];
}
/// <summary>
/// Expire the cookie
/// </summary>
public virtual void Expire()
{
//Setting the expiration does not remove the cookie from the next request
ResponseCookie.Expires = DateTime.Now.AddDays(-1);
}
}
我的加密层(不包括电池)
internal sealed class EncryptedCookie : BaseCookie
{
private string decryptedCookieName;
new public string Value
{
get
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
return Encryption.DecryptQueryString(base.Value);
}
else
{
return base.Value;
}
}
set
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
base.Value = Encryption.EncryptQueryString(value);
}
else
{
base.Value = value;
}
}
}
public EncryptedCookie(string cookieName)
: base(cookieName)
{
decryptedCookieName = cookieName;
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
CookieName = Encryption.EncryptQueryString(cookieName);
}
EnsureCookie();
}
public EncryptedCookie(string cookieName, ExpirationMode expirationMode)
: base(cookieName, expirationMode)
{
decryptedCookieName = cookieName;
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
CookieName = Encryption.EncryptQueryString(cookieName);
}
EnsureCookie();
}
public override string GetCookieValue()
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
return Encryption.DecryptQueryString(base.GetCookieValue());
}
else
{
return base.GetCookieValue();
}
}
public override void SetCookieValue(string value)
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
base.SetCookieValue(Encryption.EncryptQueryString(value));
}
else
{
base.SetCookieValue(value);
}
}
public override void SetKeyValue(string key, string value)
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
base.SetKeyValue(Encryption.EncryptQueryString(key), Encryption.EncryptQueryString(value));
}
else
{
base.SetKeyValue(key, value);
}
}
public override string GetKeyValue(string key)
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
return Encryption.DecryptQueryString(base.GetKeyValue(Encryption.EncryptQueryString(key)));
}
else
{
return base.GetKeyValue(key);
}
}
}
最后,cookie管理层将它全部包装起来。
public sealed class Cookie
{
string cookieName;
public Cookie(string cookieName)
{
this.cookieName = cookieName;
}
public void AppendCookie()
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
cookie.AppendNewCookie();
}
public void SetAttribute(string attributeName, string attributeValue)
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
cookie.SetKeyValue(attributeName, attributeValue);
}
public void SetValue(string value)
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
cookie.SetCookieValue(value);
}
public string GetValue()
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
return cookie.GetCookieValue();
}
public string GetAttribute(string attributeName)
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
return cookie.GetKeyValue(attributeName);
}
}
有一个自定义配置,有助于配置cookie。这是看起来像:
<cookie>
<cookies>
<!-- enableEncryption: [ true | false ] -->
<!-- expirationMode: [ SlidingExpiration | NoExpiration ] -->
<!-- timeout: the timeout in minutes (Default 30)-->
<!-- httpOnly: [ true | false ] -->
<!-- secure: [ true | false ] -->
<add name="MyCookie" enableEncryption="true" expirationMode="SlidingExpiration" timeout="64800" domain="" httpOnly="true" path="" secure="false" />
</cookies>
</cookie>
现在,我的代码在我的网络应用程序中看起来像这样:
public int MyId
{
get
{
Cookie cookie = new Cookie(ConfigurationHelper.Cookies.MyCookie);
int myId= 0;
try
{
Int32.TryParse(cookie.GetAttribute(BILLERID_KEY), out myId);
}
catch (System.NullReferenceException)
{
//do nothing on purpose.
}
return myId;
}
set
{
Cookie cookie = new Cookie(ConfigurationHelper.Cookies.MyCookie);
cookie.SetAttribute(MY_KEY, value.ToString());
}
}
public void SetMyId(int myId)
{
Cookie cookie = new Cookie(ConfigurationHelper.Cookies.MyCookie);
cookie.SetAttribute(MYID_KEY, myId.ToString());
cookie.AppendCookie();
}
我首先调用属性以查看是否已设置用户的ID。此调用在每个页面上完成。然后在另一个页面上,用户可以进行身份验证,并将ID设置为cookie。它都在本地工作,但如果我点击服务器上的主页(其中id对id进行查找)然后进行身份验证,则不会设置cookie值。它仍然是空的。
答案 0 :(得分:1)
在HttpContext.Current.Response上检查cookie时会创建cookie。当我设置它时,我通过在HttpContext.Current.Items中粘贴cookie的副本来解决这个问题。然后,当我需要检查它是否已设置时,我检查Items而不是Response.Cookies。
不是最优雅的解决方案,但它可以完成工作。
答案 1 :(得分:1)
您没有打电话的问题
cookie.AppendCookie();
在MyId的set访问器中?你是在SetMyId方法中调用它。