我们如何检测http模块中的页面刷新?
答案 0 :(得分:4)
<httpModules>
<add name="RefreshDetectionModule" type="HttpModules.RefreshDetectionModule"/>
</httpModules>
为了使HTTP-POST与另一个不同,我决定坚持在每个发送到客户端的页面中注入(或多或少)唯一ID的想法。为了实现这一点,我编写了自己的类,它继承自Stream类并将其连接到 Response.Filter 。
private void application_PreRequestHandlerExecute(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
HttpContext context = application.Context;
//write the hidden field only if the request is made to the aspx-handler
if(context.Request.Path.ToLower().EndsWith(".aspx"))
{
//attach the stream that writes the hidden field
application.Response.Filter =
new RefreshDetectionResponseFilter(application.Response.Filter,
Guid.NewGuid());
}
}
stream-class (RefreshDetectionResponseFilter)基本上只需要覆盖Write-method。我将整个流写入StringBuilder,并在结果HTML文本中搜索表单标记。
public override void Write(byte[] buffer, int offset, int count)
{
//Read the buffer from the stream
string sBuffer = UTF8Encoding.UTF8.GetString(buffer, offset, count);
//when the end of the html-text is read
if (endOfFile.IsMatch(sBuffer))
{
//append the buffer
html.Append(sBuffer);
//and fire the matching for the start of the form-tag
//the form tag contains various additional attributes, therefore
//a non-greedy expression is used to find the whole opening tag.
MatchCollection aspxPageMatches =
Regex.Matches(html.ToString(),"<form[^>]*>",RegexOptions.IgnoreCase);
//When a form-tag could be found
if(aspxPageMatches.Count > 0)
{
StringBuilder newHtml = new StringBuilder();
int lastIndex = 0;
//usually only one form tag should be
//inside a html-text, but who knows ;)
for(int i = 0; i < aspxPageMatches.Count; i++)
{
//Get the text up to the form tag.
newHtml.Append(html.ToString().Substring(lastIndex,
aspxPageMatches[i].Index -lastIndex));
//get the opening form-tag
string key = aspxPageMatches[i].Value;
//generate the new hidden field
string enc = string.Format("\r\n<input id=\"{0}\" type" +
"=\"hidden\" name=\"{0}\" value=\"{1}\"/>",
HIDDEN_FIELD_ID, guid);
//write both the the html-text
newHtml.Append(key+enc);
lastIndex = aspxPageMatches[i].Index +
aspxPageMatches[i].Value.Length;
}
//append the rest of the html-text
newHtml.Append(html.ToString().Substring(lastIndex));
html = newHtml;
}
//write the whole text back to the stream
byte[] data = UTF8Encoding.UTF8.GetBytes(html.ToString());
responseStream.Write(data, 0, data.Length);
}
else
{
//when the end of the html-text is not found yet,
//write the buffer to the stringbuilder only
html.Append(sBuffer);
}
}
现在所有页面都包含隐藏字段,我只需要在页面回发后查看隐藏字段的值。为此,我只是连接到HttpModule的BeginRequest事件,并查看隐藏字段的已发布表单。
private void application_BeginRequest(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
HttpContext context = application.Context;
string s = "";
//Refreshing is only prohibited of the request is a post-request.
if(context.Request.HttpMethod.ToUpper().Equals("POST"))
{
//Get the guid from the http-post form
if(context.Request.Form!=null)
s = context.Request.Form[RefreshDetectionResponseFilter.HIDDEN_FIELD_ID];
//if the guid is already in the queue the post is a refresh
if(q.Contains(s) && s.Length>0)
{
//refresh -> Redirect to any other page
context.Response.Redirect("Logout.aspx");
context.Response.Flush();
context.Response.End();
}
//when the queue-size exceeded its limit (queueSize), guids will be
//removed from the queue until the queue size is lower than the limit.
while(q.Count>=queueSize)
q.Dequeue();
//since the post is not a refresh the guid is written to the queue
q.Enqueue(s);
}
}
我希望有所帮助