堆栈内存溢出
  简体   繁体   English

ASP.Net Forms身份验证Cookie跨会话传递

[英]ASP.Net Forms Authentication cookie is passed across sessions

 原文  2013-10-04 03:20:52       asp.net/ session/ cookies/ formsauthentication

问题描述

I am fairly new with developing in ASP.Net and I've searched high and low for a resolution to this, to no avail. 我对使用ASP.Net进行开发还很陌生,但我一直在高低寻找解决方案,但无济于事。 I am using Forms Authentication to authenticate users and when I login with user A, I abandon the current session, generate a new session cookie/id and redirect from to my content page and everything works as planned. 我正在使用表单身份验证来对用户进行身份验证,当我与用户A登录时,我放弃了当前会话,生成了一个新的会话cookie / id,并重定向到我的内容页面,一切按计划进行。 However, when I open a new browser window and navigate to the login screen, thus starting a new session, the authentication cookie for user A is automatically passed to this session and is part of the request cookies collection. 但是,当我打开一个新的浏览器窗口并导航到登录屏幕,从而启动一个新会话时,用户A的身份验证cookie将自动传递到此会话,并且是请求cookie集合的一部分。 Even worse, when I actually log in as user B and get a new authentication cookie then refresh the browser window for session A, it now has the authentication cookie of user B. 更糟糕的是,当我实际以用户B身份登录并获取新的身份验证cookie,然后刷新会话A的浏览器窗口时,它现在具有用户B的身份验证cookie。

I have no idea why this is happening. 我不知道为什么会这样。 I thought the browser (IE9) was caching the authentication cookie because the response-header collection is set to cache-control "private" even though I specifically set the Response.Cache.SetCacheability("no-cache") in my code-behind for all pages. 我以为浏览器(IE9)正在缓存身份验证cookie,因为即使我在后台代码中特别设置了Response.Cache.SetCacheability(“ no-cache”),响应头集合也被设置为缓存控制“私有”对于所有页面。 Then I was thinking it could be a threading issue. 当时我以为这可能是线程问题。

Any insight into why this is happening is greatly appreciated, Thanks. 非常感谢您对为什么会发生这种情况的任何见解。

2 个解决方案

解决方案1
 1 已采纳  2013-10-04 04:31:06

Try different Browsers like Chrome and IE. 尝试使用其他浏览器,例如Chrome和IE。 Because browser share same cookie and temp file even opened in new windows. 因为浏览器甚至在新窗口中打开都共享相同的cookie和临时文件。 Above scenario will occur if you try with gmail.com or live.com. 如果您尝试使用gmail.com或live.com,则会发生上述情况。

解决方案2
 0  2013-10-04 05:01:26

Check your web.config files for session settings. 检查您的web.config文件中的会话设置。

Check out the following link: 查看以下链接:

http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.enablecrossappredirects.aspx http://msdn.microsoft.com/zh-CN/library/system.web.security.formsauthentication.enablecrossappredirects.aspx

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ASP.NET表单身份验证Cookie和会话以获取其他数据 - ASP.NET Forms Authentication Cookie and Sessions for additional data 缺少ASP.NET表单身份验证Cookie - Missing asp.net forms authentication cookie ASP.NET表单身份验证Cookie - ASP.NET Forms Authentication Cookie 为什么cookie的到期日期不能在ASP.NET中的会话中存活? - Why is the cookie expiration date not surviving across sessions in ASP.NET? 跨MVC 5和ASP.NET核心应用程序的基于Cookie的表单身份验证 - Cookie-based Forms Authentication Across MVC 5 and ASP.NET Core applications ASP.NET Forms身份验证和持久身份验证Cookie安全性 - ASP.NET Forms Authentication and Persistent Authentication Cookie Security asp.net成员身份表单cookie未显示跨子域登录 - asp.net membership forms cookie not showing logged in across subdomains 在子域中跨ASP.NET共享ASP.NET 5中的身份验证Cookie - Sharing Authentication Cookie in ASP.NET 5 across subdomains 如何同步表单身份验证cookie和Asp.Net Session的生命周期? - How to synchronize lifetime of forms authentication cookie and Asp.Net Session? 在表单身份验证中使用ASP.Net Identity 2 cookie - Using ASP.Net Identity 2 cookie in forms authentication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM