请求和流程用户授权之间的会话更改 [英] Session change in between Request and Process user authorization

问题描述

我正在尝试实现一个简单的登录页面，该页面将用户重定向到OAuth2.0登录服务器，然后在用户成功登录后返回到回调URL。

I am trying to implement a simple login page that redirects a user to an OAuth2.0 login server, and then back to a callback URL after they have successfully logged in.

但是我不断收到错误消息的异常：

However I keep on getting exception with error message:

通过回调和
客户端状态收到意外的OAuth授权响应与预期值不匹配。

Unexpected OAuth authorization response received with callback and client state that does not match an expected value.

通过调试，我注意到调用 RequestUserAuthorization（）之前和之后的会话ID是不同的

From debugging I noticed that the session id from before calling "RequestUserAuthorization()" and after are different.

我从一些SO答案中得知，我需要以某种方式防止会话更改，但不确定在这种情况下如何实现。

I read from some SO answers that I need to somehow prevent session changing, but not sure how to achieve that in this scenario.

感谢您的帮助！

我的提纲实现如下：

private readonly WebServerClientCustomImpl _oauthClient = new WebServerClientCustomImpl();

public ActionResult Login()
        {    
            IAuthorizationState auth = null;

            auth = _oauthClient.ProcessUserAuthorization();

            if (auth == null)
            {
                _oauthClient.RequestUserAuthorization(returnTo: _redirectUrl);
            }
            else
            {
                // Save authentication information into cookie.
                HttpContext.Response.Cookies.Add(auth.CreateAuthCookie());

                return RedirectToAction("Index", "Home");
            }

            ViewBag.Message = "Future login page...";
            return View();
        }

推荐答案

如果SessionId有问题在大多数情况下，对其进行更改意味着该用户在Session对象中没有任何内容。只需在会话中添加任何内容，用户的SessionId就应保持不变：

If you have problem with SessionId changing it in most cases means that there is nothing in Session object for this user. Just add anything to session and SessionId should stay the same for the user:

Session["UserIsHere"] = true;

这篇关于请求和流程用户授权之间的会话更改的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！