Asp.Net:关闭并重新打开浏览器实例后,保留旧的浏览器会话 [英] Asp.Net: Retaining the old browser session after closing and reopening browser instance
问题描述
有没有一种方法可以在用户关闭浏览器然后重新打开后保留浏览器会话.
Is there a way I can retain the browser session after the user has closed his browser and then reopens.
asp.Net的默认行为是将Asp.Net SessionId保留在浏览器cookie中,当我们关闭浏览器时,该cookie 到期.在重新打开上,浏览器asp.net会生成一个新的SessionId,即使旧会话在服务器端没有过期,我们也无法保留它.
The default behavior in asp.Net is that it keeps the Asp.Net SessionId in the browser cookie which expires when we close the browser. On reopen the browser asp.net generates a new SessionId and even if the old session is not expired on the server side we can not retain it.
我们可以控制Asp.Net中会话cookie 的过期行为吗?
Can we control the expiration behavior of the session cookie in Asp.Net?
推荐答案
您不能像这样回收会话ID,但是可以肯定地恢复会话状态的某些可预测部分.如果您使用的是表单身份验证,则只需读取global.asax session start中的forms-auth cookie,然后重新填充会话对象.
You cannot reclaim the session-id as such, but you can certainly restore some of the predictable part of the session state. If you are using forms authentication, then just read the forms-auth cookie in global.asax session start and re-populate the session objects.
您可以使用以下方法创建永久性Cookie,从而手动控制表单身份验证Cookie的到期时间:
You can control the expiration of forms-authentication cookie manually by creating a persistent cookie by using:
FormsAuthentication.SetAuthCookie(userName, true)
或者,您可以通过手动更改cookie来微调到期时间:
Alternatively, you can fine-tune the expiration by manually changing the cookie:
Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(userName)
Dim authTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
Dim newAuthTicket As New FormsAuthenticationTicket(authTicket.Version, authTicket.Name, authTicket.IssueDate, expireDate, authTicket.IsPersistent, userData)
authCookie.Value = FormsAuthentication.Encrypt(newAuthTicket)
authCookie.Expires = newAuthTicket.Expiration
HttpContext.Current.Response.Cookies.Set(authCookie)
其中expireDate指定cookie的到期时间.
Where expireDate specifies when the cookie should expire.
现在在global.asax session start中,您可以检查返回的用户是否仍在进行身份验证(由于先前设置的持久性cookie):
Now in global.asax session start you can check if the returning user is still authenticated (by virtue of persistent cookie previously set):
If HttpContext.Current.User.Identity.IsAuthenticated Then
' Here re-populate the predictable part of session state
' Like user profile etc.
End If
在Op见解之后添加:
不使用表单身份验证,目的是能够仅恢复上一个会话.
Forms authentication is not being used, and the aim is to be able to just restore the previous session.
在这种情况下,唯一的选择是通过持久性cookie 持久化现有会话,以便以后可以检索它.有一些解决方法可以实现此目的.此博客作者在此处解释了一种解决方法:
In such a case the only option is to persist the existing session by way of a persistent cookie, so that you can retrieve it later. There are some workarounds to achieve this. One of the workarounds is explained here by this blog writer:
这里发生的是我们在global.asax中拦截了两个事件:
What is happening here is that we intercept two events in the global.asax:
-
PostRequestHandlerExecute:(在ASP.NET事件处理程序完成执行时发生)在此处理程序中,我们创建一个新的cookie(例如 temp ),为其值分配一个值当前SessionId的值.通过将expires属性设置为会话超时,可以使其成为持久性cookie.
PostRequestHandlerExecute: (Occurs when the ASP.NET event handler finishes execution) In this handler, we create a new cookie (say temp), value of which is assigned the value of current SessionId. We make it a persistent cookie by setting the expires property to the session timeout.
PostMapRequestHandler :(在ASP.NET将当前请求映射到适当的事件处理程序时发生)在此处理程序中,我们通过检查" temp " cookie.如果找到,我们将使用" temp " cookie的值更新实际的会话cookie(ASP.NET_SessionId);从而有效地恢复了上一个会话.
PostMapRequestHandler: (Occurs when ASP.NET has mapped the current request to the appropriate event handler) In this handler, we check the returning user by checking the existence of the "temp" cookie. If found, we update the actual session cookie (ASP.NET_SessionId) with the value of our "temp" cookie; thereby effectively restoring the previous session.
请注意,这只是一种解决方法.该系统旨在创建一个新的会话.我们要做的就是通过保留现有会话以供日后检索,使用一些挂钩来解决此问题.所有的安全隐患都可以承受.
Please note that this is just a workaround. The system is designed to create a new session. All we are doing is to use a few hooks to workaround this by persisting an existing session to retrieve it later. All security implications stand.
这篇关于Asp.Net:关闭并重新打开浏览器实例后,保留旧的浏览器会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
