如果出现“记住我”的情况,如何记录任何登录操作?选项?
我有一个 asp.net 登录 Web 表单,其中包含(用户名文本框 - 密码文本框)以及记住我复选框选项 当用户登录时,我执行以下代码,
if (provider.ValidateUser(username, password))
{
int timeOut = 0x13;
DateTime expireDate = DateTime.Now.AddMinutes(19.0);
if (rememberMeCheckBox.Checked)
{
timeOut = 0x80520;
expireDate = DateTime.Now.AddYears(1);
}
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(username, true, timeOut);
string cookieValue = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieValue);
cookie.Expires = expireDate;
HttpContext.Current.Response.Cookies.Add(cookie);
AddForLogin(username);
Response.Redirect("...");
}
就像用户经过身份验证后的代码一样,我通过调用方法 AddForLogin(username);
记录他在数据库中登录 但是,如果用户选择在登录时记住我,然后他尝试在任何时候未执行此登录方法(因为它使用 cookie)时访问该站点...所以我有很多问题:
1-这是记录登录操作的最佳方式还是还有其他更好的吗?
2-就我而言,如果用户选择记住我,如何记录登录操作?
I have an asp.net login web form that have ( username textBox - password textBox ) plus Remember Me CheckBox option
When user login i do the below code
if (provider.ValidateUser(username, password))
{
int timeOut = 0x13;
DateTime expireDate = DateTime.Now.AddMinutes(19.0);
if (rememberMeCheckBox.Checked)
{
timeOut = 0x80520;
expireDate = DateTime.Now.AddYears(1);
}
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(username, true, timeOut);
string cookieValue = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieValue);
cookie.Expires = expireDate;
HttpContext.Current.Response.Cookies.Add(cookie);
AddForLogin(username);
Response.Redirect("...");
}
as in code after user is authenticated i log that he login in db by calling method AddForLogin(username);
But if user choose remember me in login and then he try to go to site any time this login method isn't executed as it use cookies ... so i have many questions:
1- Is this the best way to log login operation or is there any other better ?
2- In my case how to log login operation in case of remember me chosen by user ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
实现登录操作的最佳方法是实现您的登录设计。在您的代码中,您似乎正在使用内置功能加上记录自定义信息。
为了记录登录信息,您可以自定义您的Provider。确实会有一些数据库更改,但您可以通过存储过程来处理它们,而无需更改整个代码。例如,创建一个新表它包含您想要的尽可能多的信息,包括登录操作(我的意思是用户如何登录,是第一次还是用户已经选择了“记住我”选项,以便用户通过cookie登录< /strong>)
最诚挚的问候
迈拉
The best way to implement login operation is to implement your login design.It seems in your code,you're using built-in functionality plus logging custom information.
In order to log login information you can customize your Provider.Indeed there will be some db changes around,but you can handle them by stored procedures with no change in entire code.For example,create a new table that holds as many information as you wish including login operation(i mean how user is logged in,is it first time or is user already chosen remember me option so that user logged in by cookie)
Best Regards
Myra
目前您没有足够的信息来区分这两种情况。我认为做你想做的事情的最简单的方法是在用户登录时添加一个临时 cookie,然后在你的页面类中,如果临时 cookie 不存在,那么他们正在使用“记住我”选项。然后你可以记录这个并设置临时cookie。
Currently you do not have enough info to distinguish the two cases. I think that the easiest way to do what you want would be to add a temp cookie when the user logs in and then in you page class, if the temp cookie is not present, then they are using the remember me option. Then you can log this and set the temp cookie.
我最终在我使用的一个应用程序中所做的是在
Session_Start()中测试他们是否已登录,并在那里进行日志记录。我发现这个确实捕获了由于登录cookie仍然有效而登录成功的人(因此他们不需要显式登录)您必须测试这对常规用户有何影响登录以确保您不会登录两次,但这很容易弄清楚。我的应用程序实际上排除了上次登录在 5 分钟内的日志记录,但这也只是为了限制记录的数量。
What I ended up doing in one application I used was test in
Session_Start()if they were logged in, and do the logging there. I found that this did capture people whose login was successful due to their login cookie still being valid (so they didn't need to explicitly log in)You'll have to test what effect this has on regular log ins to assure you aren't logging them twice, but that's simple enough to figure out. My app actually excludes logging logins when the last login was within 5 minutes, but that's just to limit how many records are there, too.
这是我阅读完所有其他答案后的看法。
以下是我考虑到性能的想法:
创建登录日志记录间隔设置,例如 12 小时或 24 小时(您的选择)。您可以将此设置存储在 web.config appSettings 中。值越小,性能影响越高。
当用户在登录页面手动成功登录时,将其记录到您的数据存储并使用当前日期时间(上次记录登录日期时间)设置 cookie。
每当用户发出页面请求时,都会比较 cookie 中存储的上次登录日期时间与当前请求日期时间之间的差异。如果差异小于设置中指定的间隔,则不记录它。如果较大,请将 cookie 值刷新为当前日期时间并将登录记录到您的数据存储。此步骤是为了减少性能损失。
Here's my opinion after read through all the other answers.
Below is my idea with performance consideration in mind:
Create a login logging interval settings, say 12 hours or 24 hours (your choice). You can store this settings in web.config appSettings. The smaller the value, the higher performance hit.
When users login successfully at the login page manually, log it to your datastore and set a cookie with the current datetime (Last logged login datetime).
Whenever users make a page request, compare the difference between the last logged login datetime stored in the cookie and the current request datetime. If the difference is less than the interval specified in the settings, do not log it. If it is larger, refresh the cookie value to the current datetime and log the login to your datastore. This step is to reduce performance hit.
如果我明白您希望完成什么,也许 FormsAuthentication_OnAuthenticate 是记录登录的正确位置吗?
If I understand what you are hoping to accomplish, maybe FormsAuthentication_OnAuthenticate in your application class (global.asax.cs) would be the right place to log the login?