[英]after migrate to .net core 2.0 session stop working correctly
I write my application in .NET 1.0 and after an update it to version 2.0 then, my session stopped working. 我在.NET 1.0中编写应用程序,然后将其更新到2.0版本后,我的会话停止工作。
My settings in Startup.cs: 我在Startup.cs中的设置:
services.AddDistributedMemoryCache();
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(15);
options.Cookie.HttpOnly = true;
});
...
app.UseSession();
I set the session at my controller: 我在我的控制器上设置了会话:
HttpContext.Session.SetString(SessionKey, data);
After that I redirect to my static file containing angular: 之后,我重定向到包含angular的静态文件:
return Redirect($"~/index.html?test={test}");
The file is placed in the wwwroot folder. 该文件放在wwwroot文件夹中。
And when I use angular to get data from my app: 当我使用angular从我的应用程序获取数据时:
$http.get(baseUrl + "/Configure/Refresh?test=" + test).then(handleSuccess, handleError("Error getting settings")
I check the session in my controller action: 我在控制器操作中检查会话:
_logger.LogInformation($"Session: {HttpContext.Session.GetString(SessionKey)}");
And it is blank. 它是空白的。 I don't know why - before the update, it worked correctly.
我不知道为什么 - 在更新之前,它工作正常。
Ok I discover what was wrong. 好的,我发现了什么问题。 After update session as default have SameSite set to Lax.
默认情况下,更新会话后将SameSite设置为Lax。 Before is was none.
之前是没有。 I set this value to Strict and all work correctly.
我将此值设置为Strict,并且所有工作都正常。
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(15);
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
});
Article: https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/ 文章: https : //www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.