Safari 和 Asp.net 中 cookie 的奇怪问题
我在 Asp.net 的登录页面上遇到一个奇怪的问题,这个问题只发生在 Safari 上。
验证用户后,我从数据库中获取用户名(数据库中的字段为 UTF8)并将其保存在 cookie 中。问题是,当用户的名称带有特殊字符时,我会被重定向到我来自的页面,而无需登录。例如“Moller”工作正常,用户已登录但不是“Møller”。
同样,只有在 Safari 中且名称中包含特殊字符时才会发生这种情况。不起作用的行是: Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);
这是我的代码:
string userid = validUserWithEmail(TextBoxEmail.Text, TextBoxPassword.Text);
if (userid != null) {
//VALID USER
Response.Cookies["userInfo"].Expires = DateTime.Now.AddDays(30);
Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);
FormsAuthentication.RedirectFromLoginPage(userid, CheckBoxPersistCookie.Checked);
}
else
{
//NOT A VALID USER SHOW A MESSAGE FOR THE USER OR SOMETHING
}
I have a strange problem on my login page in Asp.net this problem only happens with Safari.
When the user is validated I fetch the name of the user from the database (the field in the database is UTF8) and save it in a cookie. The problem is that when the user has a name with special characters I get redirected to the page where I came from without being logged in. For example "Moller" works fine and the user is logged in but not "Møller".
Again this is only happening with Safari and when I have special characters in the name. The row that isn't working is: Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);
This is my code:
string userid = validUserWithEmail(TextBoxEmail.Text, TextBoxPassword.Text);
if (userid != null) {
//VALID USER
Response.Cookies["userInfo"].Expires = DateTime.Now.AddDays(30);
Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);
FormsAuthentication.RedirectFromLoginPage(userid, CheckBoxPersistCookie.Checked);
}
else
{
//NOT A VALID USER SHOW A MESSAGE FOR THE USER OR SOMETHING
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Safari 不会设置值中含有非 ASCII 字符的 cookie,并且其他浏览器如何显示非 ASCII 字符可能无法预测。由于任何浏览器的 cookie 值中都不允许使用分号,因此我建议使用 UrlEncode/UrlDecode。
如果您只是编写 cookie,并且无法控制站点读取/显示要放入 URLDecode 中的值,您也可以执行以下操作:
这将确保在 cookie 和 Safari、Chrome、Firefox 中设置完整的字符串即使没有 ; ,IE 仍然会识别 html 代码。并且读取时不需要解码。
有关 Cookie 规范的详细答案,请参阅:Cookie 中允许的字符
Safari will not set cookies with non-ASCII characters in their value and other browsers can be unpredictable in how they display non-ASCII characters. As semi-colon is also not allowed in cookie values for any browser I would recommend using UrlEncode/UrlDecode.
If you are just writing the cookie and do not have control over the site reading/displaying the value to put in the URLDecode you can also do something like this:
This will ensure the full string is set in the cookie and Safari, Chrome, Firefox and IE will still recognize the html codes even without the ; and does not require decoding when read.
For a longer answer on cookie specs see: Allowed characters in cookies