我建立了一个在两个负载平衡的服务器(Web场)上运行的站点,过了一会儿,我必须执行以下操作:
在登录页面上,当用户输入用户名并通过时,如果该用户有效,那么我将放弃会话并创建一个新会话,如下所示:
protected void btnLogin_Click(object sender, EventArgs e)
{
var Token = Guid.Empty;
try
{
if (IsValidCaptcha())
{
string email = txtEmail.Text.Trim();
string pw = txtPassword.Text.Trim();
AbandonSession();//Delete any existing sessions
var newSessionId = CreateSessionId(HttpContext.Current); //Create a new SessionId
SetSessionId(HttpContext.Current, newSessionId);
Token = SecureLogin.Login(email, pw, LangCode);
}
else
{
lblMsg.Style.Add("display", "block");
}
}
catch (Exception)
{
Token = Guid.Empty;
lblMsg.Style.Add("display", "block");
}
if (Token != Guid.Empty)
{
Response.Redirect($"HiddenPage.aspx?token={Token.ToString()}", false);
}
else
{
lblMsg.Style.Add("display", "block");
}
}
protected void AbandonSession()
{
Session.Clear();
Session.Abandon();
Session.RemoveAll();
if (Request.Cookies["ASP.NET_SessionId"] != null)
{
Response.Cookies["ASP.NET_SessionId"].Value = string.Empty;
Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
}
if (Request.Cookies["__AntiXsrfToken"] != null)
{
Response.Cookies["__AntiXsrfToken"].Value = string.Empty;
Response.Cookies["__AntiXsrfToken"].Expires = DateTime.Now.AddMonths(-20);
}
}
private string CreateSessionId(HttpContext httpContext)
{
var manager = new SessionIDManager();
string newSessionId = manager.CreateSessionID(httpContext);
return newSessionId;
}
public void SetSessionId(HttpContext httpContext, string newSessionId)
{
try
{
var manager = new SessionIDManager();
manager.SaveSessionID(httpContext, newSessionId, out bool redirected, out bool cookieAdded);
}
catch(Exception ex)
{
SmtpMailer.SendMsg(ex.Message + ex.StackTrace + ex.InnerException, "", "");
}
}
这是网站的要求之一,我根本无法更改(登录网站后更改会话)。
应用此方法后,我几乎在网站的每个页面(不时出现)都开始出现此错误。
Event code: 4009
Event message: Viewstate verification failed.
Reason: The viewstate supplied failed integrity check.
Event time: 1/22/2019 2:53:36 PM
Event time (UTC): 1/22/2019 7:53:36 PM
Event ID: 5ffacfa116224c9f8f516ead8a89cc55
Event sequence: 378
Event occurrence: 1
Event detail code: 50203
Application information:
Application domain: /LM/W3SVC/2/ROOT-1-131926597583461452
Trust level: Full
Application Virtual Path: /
Application Path: ...........
Machine name: .............. Process information:
Process ID: 6624
Process name: w3wp.exe
Account name: IIS APPPOOL\.............. Request information:
Request URL: ............../qConsole/CampaignGroup-Launch.aspx
Request path: /qConsole/CampaignGroup-Launch.aspx
User host address: ..............
User:
Is authenticated: False
Authentication Type:
Thread account name: IIS APPPOOL\..............
我仔细检查了(a)负载均衡中两台服务器上的机器密钥/解密密钥是否相同,以及(b)它们未设置为自动生成
我也将此代码添加到Global.asax
protected void Session_Start(object sender, EventArgs e)
{
Session.Timeout = 60;
}
并且我已经在web.config文件中设置了
<sessionState timeout="25" />
我觉得我遇到的问题与我添加的功能(在登录页面之后创建新的sessionId)有关,真的很感激任何想法或想法。
我尝试了这个,但是根本解决不了
谢谢。