2010-12-16 46 views
1

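Problem with a shared forms authentication cookie across multiple pages

In my application, I use forms authentication. My authentication code is as follows: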

    public static void Authenticate(bool redirectToPage, ISecurityUser user, params string[] roles)
    {
        FormsAuthentication.Initialize();
        GenericIdentity id = new GenericIdentity(user.UserName);
        ExtendedPrincipal principal = new ExtendedPrincipal(id, user, roles);
        //ExtendedPrincipal principal = new ExtendedPrincipal(id, user, new string[] { "1" });

        // The whole principal (user properties and roles) is serialized into the ticket's UserData.
        string compressedPrincipal = ConvertPrincipalToCompressedString(principal);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserName, DateTime.Now, DateTime.Now.AddMinutes(30), true, compressedPrincipal, FormsAuthentication.FormsCookiePath);

        // Encrypt the ticket and send it as the forms authentication cookie.
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

        //cookie.HttpOnly = false;
        //cookie.Expires = DateTime.Now.AddMinutes(30);

        HttpContext.Current.Response.Cookies.Add(cookie);

        if (redirectToPage)
        {
            HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(user.UserName, true));
        }
    }

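The user object contains FirmID and DealerID properties. After logging in to the application, I can change FirmID and DealerID from within the application. After the change, this code runs: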

    public static void RefreshIdentitiy(ISecurityUser user)
    {
        // Read and decrypt the current ticket from the request cookie.
        HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
        HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

        // Rebuild the principal and copy the changed user properties into it.
        ExtendedPrincipal principal = ConvertCompressedStringToPrincipal(ticket.UserData);
        principal.BindProperties(user);

        // Issue a new ticket with the same lifetime but the updated UserData.
        FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
            ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
            ticket.IsPersistent, ConvertPrincipalToCompressedString(principal), ticket.CookiePath);

        cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newticket));

        HttpContext.Current.Response.Cookies.Add(cookie);
    }

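My problem is: when I open the application from a second page, the second page's cookie crushes the first page's. So the FirmID and DealerID of the first page change as well.

When I open the application from a second page, I don't want its cookie to crush the other one. How can I handle this problem?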

Answers

0

You should do something like this on all pages:

    if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
    {
        // hash: the encrypted ticket string, as produced by FormsAuthentication.Encrypt in the question's code
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

        cookie.HttpOnly = false;
        cookie.Expires = DateTime.Now.AddMinutes(30);

        HttpContext.Current.Response.Cookies.Add(cookie);
    }

Edit: My goal is to make sure you are not overwriting your cookies every time you go to a new page.

+0

What is the purpose of the code you wrote? Can you explain what I should do? – mavera 2010-12-16 13:10:06
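Why the second page's cookie replaces the first's, as an added example that is not code from the question or the answer: a browser stores one cookie per (name, domain, path) and shares it across all tabs, so per-tab values such as FirmID cannot live in the authentication ticket. The `CookieJar` class, the sample ticket strings, the host `app.example` and the `AllowedFirms` lookup are constructed for illustration, and carrying the firm per request with a server-side check is one possible design, assumed here rather than proposed in the thread.

```csharp
using System;
using System.Collections.Generic;

// Constructed model, not ASP.NET code: a browser keeps ONE cookie jar per profile,
// keyed by (name, domain, path). Every tab and window reads and writes the same jar.
class CookieJar
{
    private readonly Dictionary<string, string> _cookies = new Dictionary<string, string>();
    public void Set(string name, string domain, string path, string value)
    {
        _cookies[name + "|" + domain + "|" + path] = value;   // same key: last writer wins
    }
    public string Get(string name, string domain, string path)
    {
        string value;
        return _cookies.TryGetValue(name + "|" + domain + "|" + path, out value) ? value : null;
    }
}

static class Demo
{
    // Hypothetical server-side lookup: the firms each user is allowed to work with.
    static readonly Dictionary<string, HashSet<int>> AllowedFirms =
        new Dictionary<string, HashSet<int>> { { "alice", new HashSet<int> { 10, 20 } } };

    // The firm travels with each request (URL or form field), so the server must
    // authorize it against the authenticated user instead of trusting the client.
    public static bool IsFirmAllowed(string userName, int requestedFirmId)
    {
        HashSet<int> firms;
        return AllowedFirms.TryGetValue(userName, out firms) && firms.Contains(requestedFirmId);
    }

    static void Main()
    {
        var jar = new CookieJar();                     // shared by tab 1 and tab 2
        jar.Set(".ASPXAUTH", "app.example", "/", "user=alice;FirmID=10");   // tab 1 logs in
        jar.Set(".ASPXAUTH", "app.example", "/", "user=alice;FirmID=20");   // tab 2 switches firm
        // Tab 1's next request now carries the ticket written by tab 2.
        Console.WriteLine(jar.Get(".ASPXAUTH", "app.example", "/"));

        // Alternative: the cookie holds identity only; each tab names its own firm per request.
        jar.Set(".ASPXAUTH", "app.example", "/", "user=alice");
        Console.WriteLine(IsFirmAllowed("alice", 10));   // tab 1 request for firm 10
        Console.WriteLine(IsFirmAllowed("alice", 20));   // tab 2 request for firm 20
        Console.WriteLine(IsFirmAllowed("alice", 99));   // firm not assigned to alice
    }
}
```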