How to maintain session after redirection to 3rd party URL in ASP.NET MVC?
Before the actual redirection to the 3rd party URL we are basically storing the user's session id, userid etc. in Session, so when we return to our return URL for posting the data of the payment gateway we will need to update the status by retrieving the user's session. Here, at this point, our session gets cleared/null.

This is happening in Chrome for versions above 84, because I am able to maintain the user's session after redirection in the Firefox browser.

I also want to do the same irrespective of Chrome versions.

How do I maintain the session of each user after redirection?

Notes:

Any other options to try. Please help.

I am using ASP.NET MVC.

You need to set a `SameSite` cookie policy.

Chrome enforces the new `SameSite` cookie rules more stringently than Firefox, but Firefox will soon behave the same as Chrome.

The exact `SameSite` option you should use depends on the type of redirection:

- HTTP 3xx redirection with `GET` or `POST` and all requests are over HTTPS then you can use `SameSite=None`.
- `<meta>` element or JavaScript using `window.location = 'newUrl'` then you can use `SameSite=None`.
- HTTP 3xx redirection with `GET` and not all requests are over HTTPS then you can use `SameSite=Lax`.
- HTTP 3xx redirection with `POST` and not all requests are over HTTPS then there is no quick-fix: you will need to use HTTPS for all requests.

The `SameSite` option was added to ASP.NET WebForms and ASP.NET MVC in .NET Framework 4.7.2, though you should be using .NET Framework 4.8.

If you cannot update your project to .NET Framework 4.7.2 or later then you can use a trick with IIS' `<rewrite>` rules to modify response `Set-Cookie` requests.

You can configure defaults for `SameSite` in your web.config file, but you'll need to update a couple of different locations:

- `<system.web><httpCookies sameSite="Strict|Lax|None|Unspecified" />` for when you use `HttpCookie` directly.
- `<system.web><sessionState cookieSameSite="Strict|Lax|None" />` for ASP.NET's own Session cookie (this is the OP's problem).
- `Unspecified` for `<sessionState>` - but you should never use `Unspecified` so that shouldn't be an issue (`Unspecified` is only needed if you need to support iOS 12 because Apple Safari did not recognize `SameSite=None` at the time, but no-one should be using iOS 12 today).
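
The redirect cases listed in the answer, as an added example that is not part of the original question or answer: a simplified JavaScript model of the decision a SameSite-enforcing browser makes when the third-party site sends the user back. The function names, object shapes and sample cases are hypothetical and constructed for illustration.

```javascript
// Added example (not from the original answer): simplified model of whether a
// SameSite-enforcing browser attaches a cookie to the cross-site request that
// brings the user back from the third-party site. All names are hypothetical.
//
// cookie:  { sameSite: 'Strict' | 'Lax' | 'None' | undefined, secure: boolean }
// request: { method: 'GET' | 'POST', https: boolean, topLevel: boolean }
function sentOnCrossSiteReturn(cookie, request) {
  // No attribute: browsers enforcing the new rules treat the cookie as Lax.
  const policy = cookie.sameSite || 'Lax';
  // SameSite=None is rejected unless the cookie is also marked Secure.
  if (policy === 'None' && !cookie.secure) return false;
  // Secure cookies are never sent over plain HTTP.
  if (cookie.secure && !request.https) return false;
  if (policy === 'None') return true;
  if (policy === 'Strict') return false;
  // Lax: only top-level navigations with a safe method carry the cookie.
  return request.topLevel && request.method === 'GET';
}

// Constructed sample cases mirroring the redirect types in the answer.
const sampleCases = [
  { name: 'no SameSite attribute, POST back over HTTPS',
    cookie: { sameSite: undefined, secure: true },
    request: { method: 'POST', https: true, topLevel: true } },
  { name: 'SameSite=None; Secure, POST back over HTTPS',
    cookie: { sameSite: 'None', secure: true },
    request: { method: 'POST', https: true, topLevel: true } },
  { name: 'SameSite=Lax, GET back over plain HTTP',
    cookie: { sameSite: 'Lax', secure: false },
    request: { method: 'GET', https: false, topLevel: true } },
  { name: 'SameSite=None without Secure, POST back over plain HTTP',
    cookie: { sameSite: 'None', secure: false },
    request: { method: 'POST', https: false, topLevel: true } },
  { name: 'SameSite=Lax, POST back over plain HTTP',
    cookie: { sameSite: 'Lax', secure: false },
    request: { method: 'POST', https: false, topLevel: true } },
];

// Returns [{ name, sent }] for every constructed case.
function evaluateCases() {
  return sampleCases.map(c => ({
    name: c.name, sent: sentOnCrossSiteReturn(c.cookie, c.request) }));
}

for (const r of evaluateCases()) {
  console.log(`${r.sent ? 'sent   ' : 'dropped'}  ${r.name}`);
}
```

The first case matches the situation described in the question: a session cookie with no `SameSite` attribute is dropped when the return request is a cross-site `POST`.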