正在更改SessionId导致此错误“ Viewstate验证失败。原因:viewstate提供的完整性检查失败。”

时间:2019-01-23 22:07:41

标签: c# asp.net .net viewstate session-management

我建立了一个在两个负载平衡的服务器(Web场)上运行的站点,过了一会儿,我必须执行以下操作:

在登录页面上,当用户输入用户名并通过时,如果该用户有效,那么我将放弃会话并创建一个新会话,如下所示:

protected void btnLogin_Click(object sender, EventArgs e)
        {
            var Token = Guid.Empty;
            try
            {
                if (IsValidCaptcha())
                {
                    string email = txtEmail.Text.Trim();
                    string pw = txtPassword.Text.Trim();                      

                    AbandonSession();//Delete any existing sessions
                    var newSessionId = CreateSessionId(HttpContext.Current); //Create a new SessionId
                    SetSessionId(HttpContext.Current, newSessionId);

                    Token = SecureLogin.Login(email, pw, LangCode);

                }
                else
                {
                    lblMsg.Style.Add("display", "block");
                }
            }
            catch (Exception)
            {
                Token = Guid.Empty;
                lblMsg.Style.Add("display", "block");
            }

            if (Token != Guid.Empty)
            {
                Response.Redirect($"HiddenPage.aspx?token={Token.ToString()}", false);
            }
            else
            {
                lblMsg.Style.Add("display", "block");
            }

        }


protected void AbandonSession()
        {
            Session.Clear();
            Session.Abandon();
            Session.RemoveAll();
            if (Request.Cookies["ASP.NET_SessionId"] != null)
            {
                Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
                Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
            }
            if (Request.Cookies["__AntiXsrfToken"] != null)
            {
                Response.Cookies["__AntiXsrfToken"].Value = string.Empty;
                Response.Cookies["__AntiXsrfToken"].Expires = DateTime.Now.AddMonths(-20);
            }
        }

        private string CreateSessionId(HttpContext httpContext)
        {
            var manager = new SessionIDManager();

            string newSessionId = manager.CreateSessionID(httpContext);

            return newSessionId;
        }

        public void SetSessionId(HttpContext httpContext, string newSessionId)
        {
            try
            {
                var manager = new SessionIDManager();

                manager.SaveSessionID(httpContext, newSessionId, out bool redirected, out bool cookieAdded);
            }
            catch(Exception ex)
            {
                SmtpMailer.SendMsg(ex.Message + ex.StackTrace + ex.InnerException, "", "");
            }

        }

这是网站的要求之一,我根本无法更改(登录网站后更改会话)。

应用此方法后,我几乎在网站的每个页面(不时出现)都开始出现此错误。

Event code: 4009  
        Event message: Viewstate verification failed. 
        Reason: The viewstate supplied failed integrity check.  
        Event time: 1/22/2019 2:53:36 PM  
        Event time (UTC): 1/22/2019 7:53:36 PM  
        Event ID: 5ffacfa116224c9f8f516ead8a89cc55  
        Event sequence: 378  
        Event occurrence: 1  
        Event detail code: 50203    
        Application information: 
        Application domain: /LM/W3SVC/2/ROOT-1-131926597583461452 
        Trust level: Full 
        Application Virtual Path: / 
        Application Path: ........... 
        Machine name: ..............    Process information: 
        Process ID: 6624 
        Process name: w3wp.exe 
        Account name: IIS APPPOOL\..............    Request information: 
        Request URL: ............../qConsole/CampaignGroup-Launch.aspx
        Request path: /qConsole/CampaignGroup-Launch.aspx 
        User host address: .............. 
        User:  
        Is authenticated: False 
        Authentication Type:  
        Thread account name: IIS APPPOOL\..............

我仔细检查了(a)负载均衡中两台服务器上的机器密钥/解密密钥是否相同,以及(b)它们未设置为自动生成

我也将此代码添加到Global.asax

protected void Session_Start(object sender, EventArgs e)
        {
            Session.Timeout = 60;
        }

并且我已经在web.config文件中设置了

<sessionState timeout="25" />

我觉得我遇到的问题与我添加的功能(在登录页面之后创建新的sessionId)有关,真的很感激任何想法或想法。

更新:

我尝试了这个,但是根本解决不了

Viewstate verification failed. Reason: The viewstate supplied failed integrity check.

谢谢。

0 个答案:

没有答案