asp.net 能否将 cookieless 与 cookie 会话存储的会话数据混合在一起?

发布于 2024-10-23 19:40:05 字数 612 浏览 5 评论 0原文

是否可以将无 cookie 会话与 cookie 会话混合使用?

我有一个应用程序,可以捕获用户详细信息,然后将付款重定向到 ssl 页面。我想知道这是否可能?

http://www.mydomain.com/confirm.aspx

重定向到

https://www.mydomain.com/(S(za1tw2l2k02jer4fiskzlovd) ))/ payment.aspx

注意:后面的url中的session Id。

因此,本质上,我们对大多数应用程序使用标准 cookie 会话,但当我们传输到 ssl 页面时,我们将 SessionId 传递到 https url 以获取会话。我已在本地尝试过此操作,但它会启动一个新会话。

我错过了一个技巧吗?

谢谢

Is it possible to use mixed cookieless sessions with cookie sessions?

I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible?

http://www.mydomain.com/confirm.aspx

redirects to

https://www.mydomain.com/(S(za1tw2l2k02jer4fiskzlovd))/payment.aspx

Note: the session Id in the latter url.

So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.

Am I missing a trick?

Thanks

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

栖迟 2024-10-30 19:40:05

我找到了一个似乎有效的解决方案

在 http 和 https 之间传输时,我有以下内容:

如您所见,我将会话 ID 手动传递到 https 页面。

protected void btnPurchase_Click(object sender, EventArgs e)
{
        // Confirm puchase code **

        string sslPaymentPath = string.Format("https://{0}/payment.aspx?sid={1}", Request.Url.DnsSafeHost, Session.SessionID);

        Response.Redirect(sslPaymentPath);

}

到达 ssl 后页面中,asp.net 将该请求视为新会话,因此我使用 global.asax 中的 Start_Session 方法放弃新创建的会话,并使用从查询字符串传入的会话 id 添加新的会话 cookie。因为此时填充会话 keyValue 对的 AquireSessionState 已经运行,所以我需要将页面重定向回自身以重新填充这些值。

它似乎工作得很好:)

    void Session_Start(object sender, EventArgs e)
    {
        bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);

        // Code to load session over ssl. When changing between two sessions
        if (isPaymentPage && Request.QueryString["sid"] != null && Request.IsSecureConnection)
        {
            string passedSessionId = Request.QueryString["sid"];
            Session.Abandon();
            Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", passedSessionId));
            Response.Redirect(Request.Url.LocalPath, true);
        }
    }

另外,对于有人在浏览 ssl buy.aspx 页面时点击外部链接,我在 global.asax 中编写了以下内容,将流量重定向回标准的无 ssl 页面(如果不是付款)页。

void Application_BeginRequest(object sender, EventArgs e)
    {
        bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);

        // In the case someone has navigated away from the payment page redirect them back to the none secure protocol.
        if (!isPaymentPage && Request.IsSecureConnection)
        {
            bool isAxdResource = (Request.Path.ToLower().IndexOf(".axd") != -1);

            if (!isAxdResource)
            {
                string url = Request.Url.AbsoluteUri.ToLower().Replace("https://", "http://");
                Response.Redirect(url,true);
            }
        }
    }

希望有人觉得这很有用,我被困了一段时间试图想出一个好的解决方案。

我的灵感来自这个网址

I've found a solution that seems to work

When transfering between http and https i've the following:

As you can see I'm passing the session id manually to the https page.

protected void btnPurchase_Click(object sender, EventArgs e)
{
        // Confirm puchase code **

        string sslPaymentPath = string.Format("https://{0}/payment.aspx?sid={1}", Request.Url.DnsSafeHost, Session.SessionID);

        Response.Redirect(sslPaymentPath);

}

Upon reaching the ssl page, asp.net sees the request as a new session so I use the Start_Session method in the global.asax to abandon the newly created session and add a new session cookie with the session id passed in from the query string. Because the AquireSessionState which populates the session keyValue pair has already been run by this point I need to redirect the page back to itself to repopulate those values.

It seems to work really well :)

    void Session_Start(object sender, EventArgs e)
    {
        bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);

        // Code to load session over ssl. When changing between two sessions
        if (isPaymentPage && Request.QueryString["sid"] != null && Request.IsSecureConnection)
        {
            string passedSessionId = Request.QueryString["sid"];
            Session.Abandon();
            Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", passedSessionId));
            Response.Redirect(Request.Url.LocalPath, true);
        }
    }

Also with regard to somebody clicking on an external link whilst browsing the ssl purchase.aspx page i've written following in the global.asax to redirect traffic back to standard none ssl pages if it's not the payment page.

void Application_BeginRequest(object sender, EventArgs e)
    {
        bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);

        // In the case someone has navigated away from the payment page redirect them back to the none secure protocol.
        if (!isPaymentPage && Request.IsSecureConnection)
        {
            bool isAxdResource = (Request.Path.ToLower().IndexOf(".axd") != -1);

            if (!isAxdResource)
            {
                string url = Request.Url.AbsoluteUri.ToLower().Replace("https://", "http://");
                Response.Redirect(url,true);
            }
        }
    }

Hope somebody finds this useful, I was stuck for a while trying to come up with a nice solution.

My inspiration came from this url.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文