
To restrict copy and paste of URL to open the page

To stop session sharing I used this code:

<sessionState mode="InProc" cookieless="UseUri"></sessionState>

This is working fine, although I am getting an awkward URL, but that is OK. The problem I am facing is: if the user is already logged in to the application and directly copies and pastes the URL into a web browser to open the page, then the user can open the page, because the user already has an active session.

But the requirement is to restrict copying and pasting of the URL to open the page. What do we have to do in such cases?

I don't have a .cs page, as this is an old application; we have .aspx pages with JavaScript/VBScript.

One more issue I got with <sessionState mode="InProc" cookieless="UseUri">: when logged in to the application, if the user directly copies the URL and pastes it into a web browser to open the page after closing the first window (where we copied the URL), the user is still able to open the page without logging in. Example: http://XXX/YYY/(S(fxiejp3mncnt3wwob3ytkmbf))/Home/FrameSet.aspx. If I paste the above URL after closing my opened window (where I copied this URL), the user is able to open the application, which seems like a bug. Please suggest.

Can you use code like this to disable copy and paste in your HTML markup?

<html>
<head>
</head>
<body oncopy="return false;" onpaste="return false;" oncut="return false;">
    <form id="form1" runat="server">
        <div>
           Try to copy this and paste in your editor
        </div>
    </form>
</body>
</html>

If you want to make sure that a user does not go directly to a page, you could look at the referer [sic] in the HTTP header and make sure that it is set and the user navigated through your site to get to the page. If the referer is set to Google, or not set, then the user went directly to the URL.

From a security standpoint, you should rely on some identifier in a cookie to store the session information and the cookie shouldn't contain any private or confidential information. If the session id in the cookie doesn't match what the server has for the session, the page should be rejected. (see http://www.truste.com/blog/2011/12/02/best-practices-for-using-cookies/ for some good tips on sessions)

Why not associate an IP address with the login session, so that another user cannot cut-and-paste URLs?

(Note that doesn't work if both users are behind the same NAT router, and may be problematic if users are on mobile devices that change IP addresses.)
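One way to implement the IP binding suggested in the last answer, written here as an added example that is not part of the original answers: a Global.asax with inline C#, so no code-behind (.cs) file is needed. The session key name BoundClientIp is hypothetical, and the check assumes the application sees the browser's address directly rather than through a reverse proxy.

```aspx
<%@ Application Language="C#" %>
<script runat="server">
    // Hypothetical key under which the session remembers its first client address.
    private const string BoundIpKey = "BoundClientIp";

    // Runs on every request once session state has been loaded for it.
    void Application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;

        // Requests handled without session state have nothing to check.
        if (ctx == null || ctx.Session == null)
        {
            return;
        }

        // Behind a reverse proxy this is the proxy's address, not the browser's.
        string currentIp = ctx.Request.UserHostAddress;
        string boundIp = ctx.Session[BoundIpKey] as string;

        if (boundIp == null)
        {
            // First request on this session: bind it to the caller's address.
            ctx.Session[BoundIpKey] = currentIp;
            return;
        }

        if (boundIp != currentIp)
        {
            // The (S(...)) URL was opened from a different address. Refuse the
            // request but leave the session intact for its original user.
            // Caveats from the answer above: two users behind the same NAT
            // router share one address and pass this check, and a mobile user
            // whose address changes is refused until a new login.
            ctx.Response.StatusCode = 403;
            CompleteRequest();   // skip the page handler, go straight to EndRequest
        }
    }
</script>
```

This only blocks a pasted URL that arrives from another address; a URL pasted into a second window on the same machine still reaches the live session until it times out or is abandoned at logout.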
