C# code creates a cookie on every property call
I have a website where I want to store a user record for all users (even anonymous ones) using cookies. I can then track their behaviour and show them relevant content, even when they come back.

The way I currently call the user is with the following code. When I test it, it works fine, but I can see in the logs/database that it sometimes gets spammed (the same visitor gets hundreds of anonymous users). There is probably something seriously wrong in this code, so I quickly end up with a lot of users.

Can anyone see the problem / a solution?
public SystemUser SystemUser
{
    get
    {
        if(!HttpContext.Current.Request.Browser.Cookies)
        {
            logger.Info("Users browser did not allow cookies (crawler?)");
            return CreateEmptyUser();
        }
        var user = HttpContext.Current.Session[Constants.Sessions.LoginUser] as SystemUser;
        if(user == null)
        {
            logger.Info("User was null - first page visit");
            var httpCookie = HttpContext.Current.Request.Cookies[Constants.Cookies.AnonymousUser];
            if (httpCookie == null || httpCookie.Value == string.Empty)
            {
                // totally new user - new anonymous user
                var userFromId = SetupAnonymousUser();
                logger.Info("We have a totally new visitor coming to our site. Userid: " + userFromId.UserId);
            }
            else
            {
                logger.Info("User has been here before, as the anonymous user cookie wasn't null");
                // anonymousUser - has been there before
                var anonymousUser = httpCookie.Value;
                int userid;
                int.TryParse(anonymousUser, out userid);
                if(userid > 0)
                {
                    logger.Info("Getting user from id: " + userid);
                    var userFromId = UserManager.GetUser(userid);
                    if(userFromId != null)
                    {
                        HttpContext.Current.Session[Constants.Sessions.LoginUser] = userFromId;
                    }
                    else
                    {
                        logger.Error("User has been here before, but couldnt find in database. Anonymous cookie deleted maybe?");
                        SetupAnonymousUser();
                    }
                }
                logger.Info("User has been there before: " + userid);
            }
        }
        var initializedUser = HttpContext.Current.Session[Constants.Sessions.LoginUser] as SystemUser;
        if(initializedUser != null)
        {
            return initializedUser;
        }
        else
        {
            logger.Info("Creating an empty user as initialized user was null");
            return CreateEmptyUser();
        }
    }
    set { HttpContext.Current.Session[Constants.Sessions.LoginUser] = value; }
}
And our SetupAnonymousUser():

Edit:

Here is the log from a failing case:
2012-11-04 13:58:40,298 [7] INFO GKBusiness.Context.SystemContext [(null)] - User was null - first page visit
2012-11-04 13:58:40,313 [7] INFO GKBusiness.Context.SystemContext [(null)] - Anonymous user created - with user id GKBusiness.Data.SystemUser
2012-11-04 13:58:40,313 [7] INFO GKBusiness.Context.SystemContext [(null)] - We have a totally new visitor coming to our site. Userid: 4466
2012-11-04 13:58:40,391 [7] INFO GKBusiness.Context.SystemContext [(null)] - User was null - first page visit
2012-11-04 13:58:40,391 [7] INFO GKBusiness.Context.SystemContext [(null)] - Anonymous user created - with user id GKBusiness.Data.SystemUser
2012-11-04 13:58:40,391 [7] INFO GKBusiness.Context.SystemContext [(null)] - We have a totally new visitor coming to our site. Userid: 4467
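
The code itself doesn't look flawed, but there are a few things that could cause the problem you are facing (multiple "anonymous user" entries for the same user).

To help find out what is going wrong, I suggest adding more logger.Info calls to your code, especially for the case where you get the cookie from the user but for some reason it is not in the correct format: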
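
One way to apply the answer's suggestion, as an added example (not code from the question or the answer): the question's getter ignores the result of int.TryParse, so a malformed cookie only shows up in the log as a user id of 0. The class and method names below are hypothetical and the sample values are constructed.

```csharp
using System;
using System.Globalization;
using System.Linq;

// Added example: classifies the raw anonymous-user cookie value so that every
// failure path gets its own log line. All names here are hypothetical.
public enum CookieState { Missing, Empty, Malformed, NonPositive, Valid }

public static class AnonymousCookieDiagnostics
{
    public static CookieState Classify(string raw, out int userId)
    {
        userId = 0;
        if (raw == null) return CookieState.Missing;
        if (raw.Trim().Length == 0) return CookieState.Empty;
        // Digits only, invariant culture: no signs, whitespace or separators.
        // Values that overflow int also fail here and count as malformed.
        if (!int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out userId))
            return CookieState.Malformed;
        return userId > 0 ? CookieState.Valid : CookieState.NonPositive;
    }

    // The cookie is client-controlled: replace control characters (CR/LF would
    // forge log lines) and cap the length before the value reaches the log.
    public static string SafeForLog(string raw)
    {
        if (raw == null) return "<null>";
        var clean = new string(raw.Select(c => char.IsControl(c) ? '?' : c).ToArray());
        return clean.Length <= 32 ? clean : clean.Substring(0, 32) + "...";
    }

    // Builds the message to hand to logger.Info / logger.Error.
    public static string Describe(string raw)
    {
        int id;
        var state = Classify(raw, out id);
        return state == CookieState.Valid
            ? "Anonymous cookie ok, user id " + id
            : "Anonymous cookie " + state + ", raw value '" + SafeForLog(raw) + "'";
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the question's logs.
        foreach (var raw in new string[] { null, "", "4466", "0", "44x66", "12\r\nFAKE LINE" })
            Console.WriteLine(Describe(raw));
    }
}
```

Logging the thread and session id alongside this message makes it easier to tell whether two "first page visit" entries a few milliseconds apart came from the same request or from parallel requests that arrived before the cookie was set.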