asp.net可以混合使用的cookie存储会话的会话数据Cookie的？ [英] asp.net can you mix cookieless with cookie session stored session data?

问题描述

是否有可能使用混合Cookie会话cookie的使用会话？

Is it possible to use mixed cookieless sessions with cookie sessions?

我已经使捕获用户的详细信息，然后重定向支付到SSL网页的应用程序。我想知道这是否可能？

I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible?

http://www.mydomain.com/confirm.aspx

重定向到

https://www.mydomain.com/(S(za1tw2l2k02jer4fiskzlovd） ）/payment.aspx

注：在后者的URL中的会话ID

Note: the session Id in the latter url.

因此​​，在本质上，我们使用标准的Cookie会话为广大的应用程序，但是当我们转移到SSL页面我们传递的SessionID到HTTPS URL拿起会话。我在本地试过，但它启动一个新的会话。

So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.

我缺少一个把戏？

感谢

推荐答案

我发现，似乎工作的解决方案

I've found a solution that seems to work

在HTTP和HTTPS之间转流我以下内容：

When transfering between http and https i've the following:

的正如你可以看到我手动传递会话ID到HTTPS页面。的

protected void btnPurchase_Click(object sender, EventArgs e)
{
        // Confirm puchase code **

        string sslPaymentPath = string.Format("https://{0}/payment.aspx?sid={1}", Request.Url.DnsSafeHost, Session.SessionID);

        Response.Redirect(sslPaymentPath);

}

在到达SSL网页，asp.net看到请求作为新会话所以我用在Global.asax的Start_Session方法摒弃了新创建的会话，并添加一个新的会话cookie从传入的会话ID查询字符串。由于其填充会话的keyValue对的AquireSessionState已经由这点来看，我需要的页面重定向到自身重新填充这些值。

Upon reaching the ssl page, asp.net sees the request as a new session so I use the Start_Session method in the global.asax to abandon the newly created session and add a new session cookie with the session id passed in from the query string. Because the AquireSessionState which populates the session keyValue pair has already been run by this point I need to redirect the page back to itself to repopulate those values.

这似乎合作得很好：）

    void Session_Start(object sender, EventArgs e)
    {
        bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);

        // Code to load session over ssl. When changing between two sessions
        if (isPaymentPage && Request.QueryString["sid"] != null && Request.IsSecureConnection)
        {
            string passedSessionId = Request.QueryString["sid"];
            Session.Abandon();
            Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", passedSessionId));
            Response.Redirect(Request.Url.LocalPath, true);
        }
    }

另外关于某人点击外部链接，同时浏览SSL purchase.aspx页面在Global.asax以下为将流量重定向回标准无SSL页，如果它不付款页面我已经写了。

Also with regard to somebody clicking on an external link whilst browsing the ssl purchase.aspx page i've written following in the global.asax to redirect traffic back to standard none ssl pages if it's not the payment page.

void Application_BeginRequest(object sender, EventArgs e)
    {
        bool isPaymentPage = (Request.Path.ToLower().IndexOf("payment.aspx") != -1);

        // In the case someone has navigated away from the payment page redirect them back to the none secure protocol.
        if (!isPaymentPage && Request.IsSecureConnection)
        {
            bool isAxdResource = (Request.Path.ToLower().IndexOf(".axd") != -1);

            if (!isAxdResource)
            {
                string url = Request.Url.AbsoluteUri.ToLower().Replace("https://", "http://");
                Response.Redirect(url,true);
            }
        }
    }

希望有人认为这是有用的，我被卡住了试图拿出一个很好的解决方案一段时间。

Hope somebody finds this useful, I was stuck for a while trying to come up with a nice solution.

我的灵感来自这个网址。

这篇关于asp.net可以混合使用的cookie存储会话的会话数据Cookie的？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！