我正在做一个网站开发项目。我是 ASP.NET 新手,现在遇到一个关于登录会话的问题:当某个用户登录后,同一时间浏览该网站的其他所有人也会被当作该用户登录,不管他们自己是否登录过。只有当有人点击注销按钮时会话才会结束,而且此时所有人都会被一起注销。请帮帮我,任何帮助我都将不胜感激。以下是我的代码,这些内容位于主页面的代码中:关于登录会话
/// <summary>
/// Hides the calendar and image on the management pages and refreshes the
/// login flags from the current value of <c>user</c>.
/// </summary>
/// <param name="sender">The sending object.</param>
/// <param name="e">The event arguments.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): user, loginStatus, authority and redirectpage are declared
    // outside this listing. If they are static fields, every request shares them,
    // which would match the reported symptom that one login signs everyone in.
    // Per-user state belongs in Session or ASP.NET forms authentication; confirm.
    string requestUrl = HttpContext.Current.Request.Url.AbsoluteUri;
    string[] pagesWithoutCalendar = { "Equipment.aspx", "Bookings.aspx", "Rooms.aspx", "Users.aspx" };

    foreach (string pageName in pagesWithoutCalendar)
    {
        if (requestUrl.IndexOf(pageName) >= 0)
        {
            Calendar2.Visible = false;
            Image1.Visible = false;
        }
    }

    bool hasUser = !string.IsNullOrEmpty(user);

    if (Page.IsPostBack)
    {
        // Postback: only the login flag (and the authority of an anonymous visitor) is refreshed.
        loginStatus = hasUser;
        if (!hasUser)
        {
            authority = 0;
        }

        return;
    }

    // First load of the page: also reset the redirect flag and normalise an empty user.
    redirectpage = false;
    loginStatus = hasUser;
    if (!hasUser)
    {
        user = "";
        authority = 0;
    }
}
/// <summary>
/// Responds to a login request, validating details against the database and
/// loading the user into the session if successful.
/// </summary>
/// <param name="sender">The sending object.</param>
/// <param name="e">The event arguments.</param>
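protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
{
    // NOTE(review): the connection string embeds the 'sa' account and its password
    // in source. Move it to protected configuration and use a least-privileged SQL
    // login; left unchanged here because the configuration is not part of this listing.
    const string connectionString = @"Data Source=STAVROS\SQLEXPRESS;User ID=sa;Password=123abc;Initial Catalog=webdev";

    // Placeholders keep the submitted user name and password out of the SQL text,
    // so quote characters in either field can no longer change the query.
    // NOTE(review): the password column is compared with the submitted value directly,
    // which implies plaintext storage; store a salted hash (e.g. PBKDF2) and verify it in code.
    sSQL = "select * from tbl_user where username = @username AND password = @password";

    // The redirect is issued after the try block: Response.Redirect ends the request,
    // so issuing it inside the loop skipped session creation and ran into the catch below.
    bool redirectToHome = false;

    try
    {
        // using blocks close the reader, command and connection on every path;
        // the original never closed the connection.
        using (SqlConnection oConn = new SqlConnection(connectionString))
        using (SqlCommand oComm1 = new SqlCommand(sSQL, oConn))
        {
            oComm1.Parameters.AddWithValue("@username", Login.UserName ?? string.Empty);
            oComm1.Parameters.AddWithValue("@password", Login.Password ?? string.Empty);

            oConn.Open();
            using (SqlDataReader i = oComm1.ExecuteReader())
            {
                if (i.HasRows)
                {
                    while (i.Read())
                    {
                        // NOTE(review): user, authority and loginStatus are fields declared
                        // outside this listing; if they are static they are shared by all
                        // visitors. Columns 0 and 7 depend on the table layout behind
                        // "select *"; confirm against the schema.
                        user = i.GetString(0);
                        authority = i.GetInt16(7);
                        loginStatus = true;

                        // Create the session before any redirect can end the request.
                        Helper.CreateUserSession(Session, user);

                        // The property name is truncated in the listing; AbsoluteUri
                        // matches what Page_Load uses.
                        string url = HttpContext.Current.Request.Url.AbsoluteUri;
                        if (url.IndexOf("Home.aspx") != -1)
                        {
                            redirectToHome = true;
                        }
                    }
                }
                else
                {
                    loginStatus = false;
                    Login.FailureText = "Invalid username or password.";
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Keep the best-effort redirect, but record the failure instead of discarding it.
        System.Diagnostics.Trace.TraceError("Login_Authenticate failed: " + ex);
        Response.Redirect("room-book.aspx");
    }

    if (redirectToHome)
    {
        Response.Redirect("Home.aspx");
    }
}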
/// <summary>
/// Logs the user out (kills the session)
/// </summary>
/// <param name="sender">The sender</param>
/// <param name="e">The event arguments</param>
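protected void btnLogout_Click(object sender, EventArgs e)
{
    // Reset the page-level login flags (fields declared outside this listing).
    loginStatus = false;
    user = "";
    authority = 0;

    // The login handler stores the user through Helper.CreateUserSession(Session, ...);
    // resetting the fields alone leaves that entry alive, so discard the server-side
    // session state as well.
    // NOTE(review): Abandon() does not expire the session-id cookie in the browser;
    // consider expiring it too so the old id is not reused after logout.
    Session.Clear();
    Session.Abandon();

    Response.Redirect("Home.aspx");
}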
请贴出您的 'Helper.CreateUserSession' 代码,问题可能就出在那里。 *另外,您需要检查SQL注入攻击* – nunespascal 2012-07-28 03:52:42
唯一可能导致此行为的原因是'loginStatus'是一个静态字段。这不是asp.net认证。阅读Jason提供的链接。 – nunespascal 2012-07-28 03:58:01