堆栈内存溢出
  简体   繁体   English

为什么关闭浏览器窗口后非持久性cookie没有过期?

[英]Why is the non-persistent cookie not expired after closing the browser window?

 原文  2018-08-27 05:48:05       c#/ asp.net/ asp.net-mvc/ logging/ cookies

问题描述

From web I've learned that there are two types of cookies: Persistent Cookies and Non-Persistent Cookies.我从网上了解到有两种类型的 cookie:持久性 Cookie 和非持久性 Cookie。 Non-Persistent Cookies are created if I don't specify the expiration time.如果我不指定到期时间,则会创建非持久性 Cookie。 I also learned that Non-Persistent Cookies are removed once the browser is closed, but in my case even though I closed the browser window, I can still navigate into my application without a successful login.我还了解到,一旦浏览器关闭,非持久性 Cookie 就会被删除,但在我的情况下,即使我关闭了浏览器窗口,我仍然可以在没有成功登录的情况下导航到我的应用程序。

public ActionResult Index(Login userLogin)
{
    if (ModelState.IsValid)
    {
        Login Login = loginBusinessLayer.GetUserLogin(userLogin.UserId, userLogin.UserName);
        if (Login.UserPassword == userLogin.UserPassword)
        {
            Session["UserLogin"] = Login;
            User user = userBusinessLayer.GetUser(Login.UserId);
            Role role = roleBusinessLayer.Roles.Single(rle => rle.RoleId == user.RoleId);
            Session["Role"] = role;

            HttpCookie cookie = new HttpCookie("UserLogin");
            cookie["LoginId"] = Convert.ToString(Login.UserId);
            cookie["RoleId"] = Convert.ToString(role.RoleId);
            Response.Cookies.Add(cookie);
            return RedirectToAction("Success", "Login");
        }
        else
        {
            return View();
        }
    }
    return View();
}

1 个解决方案

解决方案1
 0  2018-08-27 05:49:42

Modern browsers continue to run in the background, even though all visible Windows are closed.现代浏览器继续在后台运行,即使所有可见的窗口都已关闭。 For example Google Chrome on Windows need to be closed from the small notification icon in the task bar to really get shut down.例如,Windows 上的 Google Chrome 需要通过任务栏中的小通知图标关闭才能真正关闭。 If that is done, the session cookies are removed.如果这样做,会话 cookie 将被删除。

And for the record, that login method of yours contain a number of security flaws.作为记录,您的登录方法包含许多安全漏洞。 I hope it just is an example.我希望这只是一个例子。 Use the built in libraries in asp.net: Asp.NET Identity and the Owin providers.使用 asp.net 中的内置库:Asp.NET Identity 和 Owin 提供程序。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 C# 中创建非持久性(内存中)http cookie? - How to create a non-persistent (in memory) http cookie in C#? ASP.NET非永久cookie(又称会话cookie)对于某些用户而言没有超时 - ASP.NET non-persistent cookie (aka session cookie) not time out for some users 域数据模型中的非持久属性 - non-persistent properties in domain data model C#非永久性“静态”关键字? - C# non-persistent `static` keyword? 会话在使用State Server时关闭浏览器后过期 - Session Expired after closing browser when using State Server 如何在Visual Studio中运行非持久查询 - How to run non-persistent queries in Visual Studio 使用功能打开后关闭浏览器窗口 - Closing Browser window after using function to open it 如何为画布存储非持久性图像数组以获取背景? - How do I store a non-persistent array of images for my canvas to get backgrounds from? 为什么从HttpCookieCollection返回过期的cookie? - Why is the expired cookie returned from HttpCookieCollection? 关闭窗口后出现TaskCanceledException - TaskCanceledException after closing window
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM