Set-cookie间歇性地不被遵守

时间:2010-12-22 16:49:40

标签: asp.net browser cookies

我有一个asp.net mvc应用程序,它正在验证用户名/密码,如果正确在浏览器中设置cookie并执行302到另一个页面。

由于某种原因,浏览器会忽略set-cookie,因此永远不会存储cookie。奇怪的是:

  1. 即使在我的测试环境中在不同选项卡中运行的相同代码失败,我本地环境中完全相同的代码也能正常运行
  2. 它在某些浏览器中运行良好但在其他浏览器中运行不正确
  3. 有时可以在以前无法正常工作的浏览器中使用

    我打开了提琴手并且一直在比较请求/响应,一切看起来都一样。任何人都可以提出任何有关最新情况的建议吗?

  4. 无效

    登录回复:

    HTTP/1.1 302 Found
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Location: https://foo.test/bar
    Server: Microsoft-IIS/7.0
    X-AspNetMvc-Version: 2.0
    X-AspNet-Version: 2.0.50727
    Set-Cookie: .ASPXAUTH=7C02633DAD998CB9CD25CC413FF34506DBF9095B78FC69FD03F83C4F7A091BF45469D389510F5ADD286AB6131EEC14609199C9CAD6B82E2BAFB61DE382BC34A65B72FEE5A9DD53820250E339FB6B863974C91F25CD2BE53646296C6E72F6C18F53C4BE7F9977CE9DB58647D9190093A167DCCBC698D5D4803739D0ECDA4621E744FF886EF7E0E1D3B0ED4A12FB08E34D521F20AA5C9549C66BD3171C68313E70E0ACCB851FA7A7D1509EF30345998A80DF0577F38A8C85E141C4F17803205CDDE05DD2C9; expires=Wed, 22-Dec-2010 16:45:06 GMT; path=/
    X-Powered-By: ASP.NET
    Date: Sun, 01 Jan 2012 15:36:01 GMT
    Content-Length: 220
    
    <html><head><title>Object moved</title></head><body>
    <h2>Object moved to <a href="https://foo.test/bar">here</a>.</h2>
    </body></html>
    

    下一个请求(注意没有新的cookie):

    GET https://foo.test/bar HTTP/1.1
    Host: foo.test
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-gb,fr;q=0.7,en;q=0.3
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Referer: https://foo.test/login
    Cookie: ASP.NET_SessionId=oskgcf45t5oqvo453kmftw45; 
    

    工作

    登录回复:

    HTTP/1.1 302 Found
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Location: https://foo.local/bar
    Server: Microsoft-IIS/7.5
    X-AspNetMvc-Version: 2.0
    X-AspNet-Version: 2.0.50727
    Set-Cookie: .ASPXAUTH=CE23F217A77AC4D7DE76D16EDC27B21257973DECEF8F85D2FD3E345D051C81BE42F35978884BF7E508BF298824BADE1461C56966F5C6A2BF96F2E99F038068CBC068755494A3CD36BB2283040378982B7F96C76E1E2DCF1F6F481AB9C1399D7CFADF30B3049BDE7E94215DF58D091364974C69399AF92B0E03A10C3BF25907DC187060E681D4867E24DBB39F2D26659FDCDCD661DF8DFD88ABD7E4D931207614611013CA68065F7805D055E1FFF72B91C07C5576D4581FB9E4A04029E51E0A78ADD6B894; expires=Wed, 22-Dec-2010 16:49:34 GMT; path=/
    X-Powered-By: ASP.NET
    Date: Wed, 22 Dec 2010 16:19:34 GMT
    Content-Length: 221
    
    <html><head><title>Object moved</title></head><body>
    <h2>Object moved to <a href="https://foo.local/bar">here</a>.</h2>
    </body></html>
    

    下一个请求(注意新cookie):

    GET https://local.toptable.com/ism/confirm?c=2&o=True&v=1313&t=12-00&d=21-12-2010&l=True HTTP/1.1
    Host: foo.local
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-gb,fr;q=0.7,en;q=0.3
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Referer: https://foo.local/login
    Cookie: ASP.NET_SessionId=5aefag4544y4pvqht1k3k455; .ASPXAUTH=CE23F217A77AC4D7DE76D16EDC27B21257973DECEF8F85D2FD3E345D051C81BE42F35978884BF7E508BF298824BADE1461C56966F5C6A2BF96F2E99F038068CBC068755494A3CD36BB2283040378982B7F96C76E1E2DCF1F6F481AB9C1399D7CFADF30B3049BDE7E94215DF58D091364974C69399AF92B0E03A10C3BF25907DC187060E681D4867E24DBB39F2D26659FDCDCD661DF8DFD88ABD7E4D931207614611013CA68065F7805D055E1FFF72B91C07C5576D4581FB9E4A04029E51E0A78ADD6B894
    

1 个答案:

答案 0 :(得分:4)

在“不工作”登录响应中,服务器的Date:标头的值为Sun, 01 Jan 2012 15:36:01 GMT(未来!),并且您的Cookie过期设置为Wed, 22-Dec-2010 16:45:06 GMT,这将导致浏览器立即使cookie过期,从而不存储它。