C#: A question about sharing the forms authentication cookie across multiple pages
In my application I use forms authentication. My authentication code is as follows:
    public static void Authenticate(bool redirectToPage, ISecurityUser user, params string[] roles)
    {
        FormsAuthentication.Initialize();
        GenericIdentity id = new GenericIdentity(user.UserName);
        ExtendedPrincipal principal = new ExtendedPrincipal(id, user, roles);
        //ExtendedPrincipal principal = new ExtendedPrincipal(id, user, new string[] { "1" });
        // The serialized principal travels inside the ticket's UserData.
        string compressedPrincipal = ConvertPrincipalToCompressedString(principal);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, user.UserName, DateTime.Now, DateTime.Now.AddMinutes(30), true,
            compressedPrincipal, FormsAuthentication.FormsCookiePath);
        // Encrypt the ticket and send it as the forms-authentication cookie.
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
        //cookie.HttpOnly = false;
        //cookie.Expires = DateTime.Now.AddMinutes(30);
        HttpContext.Current.Response.Cookies.Add(cookie);
        if (redirectToPage)
        {
            HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(user.UserName, true));
        }
    }
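The user object has FirmID and DealerID properties. After logging in to the application, I can change the FirmID and DealerID from within the application. After the change, this code runs: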
    public static void RefreshIdentitiy(ISecurityUser user)
    {
        // Read and decrypt the ticket from the current forms-authentication cookie.
        HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
        HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
        // Copy the changed user properties into the principal stored in UserData.
        ExtendedPrincipal principal = ConvertCompressedStringToPrincipal(ticket.UserData);
        principal.BindProperties(user);
        // Rebuild the ticket with the updated principal and send it under the same cookie name.
        FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
            ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
            ticket.IsPersistent, ConvertPrincipalToCompressedString(principal), ticket.CookiePath);
        cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newticket));
        HttpContext.Current.Response.Cookies.Add(cookie);
    }
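My problem is: when I open the application in a second page, the second page's cookie overwrites the first page's cookie. So the first page's FirmID and DealerID change as well.

When I open the application in a second page, I don't want the cookie to overwrite the other one. What can I do about this problem?

You should do the following on all pages: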
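    // Runs only when the forms-authentication cookie is present on the request.
    if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
    {
        // `hash` is the encrypted ticket string, as produced in Authenticate above.
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
        cookie.HttpOnly = false; // false leaves the cookie readable by client-side script
        cookie.Expires = DateTime.Now.AddMinutes(30);
        HttpContext.Current.Response.Cookies.Add(cookie);
    }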
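Edit

My goal is to make sure you don't overwrite the cookie every time you enter a new page.

What is the purpose of the code you wrote?

Can you explain why I would do this?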
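
The browser keeps one forms-authentication cookie per site and sends it from every tab, so a value that differs per page cannot live in the ticket. The sketch below is an added example, not code from the thread: it keeps only the login-wide data in the ticket, sets the cookie with HttpOnly, and reads the selected firm from each request, checking it against the ticket. The class name `TabSafeAuth`, the `firmId` query-string parameter, integer firm IDs and the comma-separated UserData format are assumptions made for the example.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Security;

public static class TabSafeAuth   // hypothetical helper, not from the thread
{
    // Issue the login cookie once. UserData holds only what is true for every tab:
    // the firm IDs this user may act for (comma-separated, an assumed format).
    public static void SignIn(HttpContext ctx, string userName, int[] allowedFirmIds)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(1, userName, now, now.AddMinutes(30),
            false, string.Join(",", allowedFirmIds), FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // keep the ticket away from page script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        ctx.Response.Cookies.Set(cookie);
    }

    // Resolve the firm for this request only. The selection travels with the tab
    // (assumed query-string parameter "firmId"), so another tab cannot change it.
    // Returns null when the ticket is missing or invalid, or the firm is not allowed.
    public static int? ResolveFirmId(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return null; }            // malformed or tampered ticket
        if (ticket == null || ticket.Expired) return null;

        int requested;
        if (!int.TryParse(ctx.Request.QueryString["firmId"], out requested)) return null;

        // The ticket is used only to authorize the requested firm, never to store it.
        bool allowed = ticket.UserData.Split(',').Contains(requested.ToString());
        return allowed ? requested : (int?)null;
    }
}
```

Because the firm ID is supplied by the client on every request, the check against the ticket is what prevents a user from switching to a firm they were never granted.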