Asp.Net Core 2.1请求释放客户端Cookie
[英]Asp.Net Core 2.1 Request exlusing client side cookies
问题描述
I have a problem where cookies set in the website using javascript are not being passed to controllers in the Request. 
我有一个问题,其中使用javascript在网站中设置的cookie没有传递到请求中的控制器。 Any cookies set in C# are present. 存在使用C#设置的所有cookie。
In my Startup.cs I have set the following: 在我的Startup.cs中,设置了以下内容:
ConfigureServices: ConfigureServices:
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => false;// must be false otherwise only essential cookies will be allowed
options.MinimumSameSitePolicy = SameSiteMode.None;
});
Configure: 配置:
app.UseCookiePolicy(new CookiePolicyOptions
{
HttpOnly = HttpOnlyPolicy.None
});
when inspecting the cookies in the browser the one I want - "ClientTimeZone" is present as can be seen in this image: 在浏览器中检查cookie时,我想要的一个-“ ClientTimeZone”存在,如该图所示:
but in the controller when looking at the Request that cookie is not present: 但是在控制器中,当查看不存在Cookie的请求时:
The JavaScript code I use to store cookies are as follows: 我用于存储cookie的JavaScript代码如下:
setCookie: function (name, value, days)
{
var expires = "";
if (days)
{
var date = new Date();
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
expires = "; expires=" + date.toUTCString();
}
document.cookie = name + "=" + (value || "") + expires + ";";
},
I have also tried adding path=/ but no luck. 我也尝试添加path=/但是没有运气。
Any suggestions as to why the cookie does not persist to the server? 关于为何cookie无法持久保存到服务器的任何建议?
Thanks, 谢谢,
1 个解决方案
解决方案1
0 2019-05-13 20:18:52
This is due to spaces in your cookie value (and in my case, Json). 这是由于您的cookie值(在本例中为Json)中的空格所致。 .NET Core is using RFC-6265 . .NET Core正在使用RFC-6265 。 Allowed characters are alphanumerics plus ~!@#$%^&*()-_+[]{}| 允许的字符是字母数字加~!@#$%^&*()-_+[]{}| . 。 Space, comma, semi-colon, backslash, and quotes are not allowed. 不允许使用空格,逗号,分号,反斜杠和引号。
The simplest fix is to use Uri encoding/decoding. 最简单的解决方法是使用Uri编码/解码。
Javascript to set cookie value: 设置cookie值的Javascript:
document.cookie = 'ClientTimeZone=' + encodeURIComponent("New Zealand Time") + ';path=/';
C# to read it: 用C#读取它:
var timeZone = System.Net.WebUtility.UrlDecode(Request.Cookies["ClientTimeZone"]);
The source of the issue is when parsing header values into cookies: 问题的根源是将标头值解析为cookie时:
Microsoft.Net.Http.Headers.HttpHeaderParser
{
protected virtual bool TryParseValues(IList<string> values, bool strict, out IList<T> parsedValues)
}
Eventually hits the following method, which exits as soon as it hits a disallowed character: 最终达到以下方法,一旦遇到不允许的字符,该方法将立即退出:
Microsoft.Net.Http.Headers.CookieHeaderValue
{
internal static StringSegment GetCookieValue(StringSegment input, ref int offset)
}
Essentially, even though the cookie is sent in the request header, any cookie that doesn't parse correctly is silently ignored and never included in the IRequestCookieCollection Request.Cookies. 本质上,即使cookie是在请求标头中发送的,任何不能正确解析的cookie都将被静默忽略,并且永远不会包含在IRequestCookieCollection Request.Cookies中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.