我正在使用的系统不使用标准ASP.NET身份验证/成员资格设施来记录用户输入/输出。因此,在登录用户之后,我想向用户发出新的会话ID以防止会话陷入/劫持。我遇到的问题是,尽管我已经能够使用新ID成功创建新会话,并将各种组件复制到新创建的会话中,例如。会话[ “值”]。在新创建的会话下面的代码片段的末尾是当前的HTTPContext会话,并具有经过复制的会话值。但是,在执行Response.Redirect之后,新会话正在执行,但是两个请求中都没有会话[“值”]持续存在。正如你可以从下面的代码中看到的,我试图将这些值添加到许多集合中以利用。新创建的会话不会保留会话内容
任何帮助将是惊人的!在此先感谢
bool IsAdded = false;
bool IsRedirect = false;
HttpSessionState state = HttpContext.Current.Session;
SessionIDManager manager = new SessionIDManager();
HttpStaticObjectsCollection staticObjects = SessionStateUtility.GetSessionStaticObjects(HttpContext.Current);
SessionStateItemCollection items = new SessionStateItemCollection();
foreach (string item in HttpContext.Current.Session.Contents)
{
var a = HttpContext.Current.Session.Contents[item];
items[item] = a;
}
HttpSessionStateContainer newSession = new HttpSessionStateContainer(
manager.CreateSessionID(HttpContext.Current),
items,
staticObjects,
state.Timeout,
true,
state.CookieMode,
state.Mode,
state.IsReadOnly);
foreach (string item in HttpContext.Current.Session.Contents)
{
var a = HttpContext.Current.Session.Contents[item];
newSession.Add(item,a);
}
SessionStateUtility.RemoveHttpSessionStateFromContext(HttpContext.Current);
SessionStateUtility.AddHttpSessionStateToContext(HttpContext.Current, newSession);
manager.RemoveSessionID(HttpContext.Current);
manager.SaveSessionID(HttpContext.Current, newSession.SessionID, out IsRedirect, out IsAdded);
return newSession.SessionID;
不,因为它是一个新的会话(即在此请求期间创建的)添加到会话中的任何值在我做Response.redirect(页面,false) – MiiisterJim