[英]Session check deny page access ASP.NET
I have a login page that is checking users and passwords from an XML file, first I set a string that I will use with sessions then check if user exist 我有一个登录页面,该页面正在检查XML文件中的用户和密码,首先设置一个将用于会话的字符串,然后检查用户是否存在
string roleCheck = "";
string userName = node.SelectSingleNode("username").InnerText;
string passWord = node.SelectSingleNode("password").InnerText;
string isAdmin = node.SelectSingleNode("role").InnerText;
if (isAdmin == "admin" && userName == TextBoxUsername.Text && passWord == TextBoxPassword.Text)
{
roleCheck = "admin";
Session["RoleCheck"] = roleCheck;
Response.Redirect("admin.aspx");
}
Now here is where it fails, it seems I can access admin.aspx even without logging on, I have this in Page_Load on admin.aspx 现在这是失败的地方,似乎即使不登录也可以访问admin.aspx,我在admin.aspx的Page_Load中有此设置
protected void Page_Load(object sender, EventArgs e)
{
if (Session["RoleCheck"] == "")
{
Response.Redirect("login.aspx");
}
}
Shouldnt this redirect non logged on users? 该重定向不应该登录的用户吗?
You need to check just session is null like below code. 您需要检查会话是否为空,如以下代码所示。 not check empty or blank.
不要检查为空还是空白。
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["RoleCheck"] == null)
{
Response.Redirect("login.aspx");
}
}
}
No, because it is checking whether Session
is blank string, but here, Session
is null, ie not a blank string. 否,因为它正在检查
Session
是否为空字符串,但是在这里, Session
为null,即不是空字符串。 Hence condition fails. 因此条件失败。
You should check Session
for null rather than empty string. 您应该检查
Session
是否为空而不是空字符串。
if(Session["RoleCheck"] == null)
{
// redirect
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.