Why do my users get logged out when the session restarts?

Posted on 2024-12-11 02:23:01

I have this application that uses custom methods to register and log in users using FormsAuthentication. The server where this is hosted has a policy of restarting the sessions every 15 minutes, and when that happens all my users get logged out. The code to log in a user is:

var user = this.accountRepo.GetUser(id);

// Create the forms authentication cookie
var cookieValue = user.name;
HttpCookie cookie = FormsAuthentication.GetAuthCookie(cookieValue, true);

// Decrypt the cookie
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

// Create a new ticket with the desired data
FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket
                                        (
                                            ticket.Version,
                                            ticket.Name,
                                            ticket.IssueDate,
                                            DateTime.Now.AddYears(1),
                                            true,
                                            user.Authentication
                                        );
// Update the cookie's value
cookie.Value = FormsAuthentication.Encrypt(newTicket);
Response.Cookies.Set(cookie);

accountRepo.Login(user);

With the Forms cookie created and with my Authentication data, which is basically the user's hashed password, I then use the following logic to display the Login button or the username:

@{
    var accountRepo = new AccountRepository();
    var user = accountRepo.GetCurrentUser();
}

@if(user != null && user.LoggedIn) {
    <div>@Html.ActionLink(Context.User.Identity.Name + " - Logout", "LogOff", "Account", null, new { @class = "logout_link" })</div>
}
else
{
    @Html.ActionLink("Login", "Login", "Account", new { returnUrl = Request.Url.AbsoluteUri }, new { @class = "login_link" })
}

And that "GetCurrentUser()" method is:

var cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];

if (cookie != null)
{
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

    return db.Users.SingleOrDefault(u => u.Authentications.Equals(ticket.UserData, StringComparison.CurrentCultureIgnoreCase));
}

return null;

Am I missing something here? I believe that with this code it should matter if the session restarts, my users should stay logged in.

Thanks in advance.

家住魔仙堡 2024-12-18 02:23:01

It's just as Mystere Man said. The cookie name was getting re-generated every time the session rebooted, so the app was looking for the cookie with a different name than what it had before.

For the peace of mind of all of you that helped me, and for the developer that will support this app in the future, I refactored it so it's not that "evil" anymore :P
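
An added example, not the poster's refactored code (which the page does not show): one way to issue and read the ticket so that the cookie name is a constant, UserData holds a user id instead of the password hash, and a cookie that fails to decrypt or has expired is treated as signed out. `AuthCookie`, `CookieName`, `.MYAPP_AUTH` and the `userId` parameter are hypothetical, and the exception filter assumes C# 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example: hypothetical helper, not code from the original post.
public static class AuthCookie
{
    // Constructed value. A constant name survives application restarts.
    private const string CookieName = ".MYAPP_AUTH";

    public static HttpCookie Issue(string userName, string userId, TimeSpan lifetime)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(lifetime), true,
            userId); // UserData carries an opaque id, not the password hash

        return new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket))
        {
            Expires = ticket.Expiration,             // persist as long as the ticket
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // follows <forms requireSSL>
            Path = FormsAuthentication.FormsCookiePath
        };
    }

    // Returns the user id from a valid ticket, or null when signed out.
    public static string ReadUserId(HttpCookieCollection cookies)
    {
        HttpCookie cookie = cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;

        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception ex) when (ex is ArgumentException ||
                                   ex is CryptographicException || ex is HttpException)
        {
            return null; // malformed, tampered, or protected with another key
        }
        return (ticket == null || ticket.Expired) ? null : ticket.UserData;
    }
}
```

At login, pass the result of `AuthCookie.Issue(...)` to `Response.Cookies.Set`; on each request, call `AuthCookie.ReadUserId(Request.Cookies)` and load the user by that id.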
