当以其他用户身份登录会话丢失/饼干 [英] Lost session/cookie when login as another user

问题描述

我建立 DNN 这允许用户登录模块登录为另一个用户。

但是，我在这里有一些有线问题。

这是我如何注销当前用户和登录作为另一个用户：

I am building dnn module which allow logged in user to log in as another user.
But I have some wired issue here.
This is how I log out current user and login as another user:

UserInfo userInfo = UserController.GetUserById(portalId, userId);
if (userInfo != null)
{                
    DataCache.ClearUserCache(this.PortalSettings.PortalId, Context.User.Identity.Name);

    if (Session["super_userId"] == null)
    {
        Session["super_userId"] = this.UserId;
        Session["super_username"] = this.UserInfo.Username;
    }

    HttpCookie impersonatorCookie = new HttpCookie("cookieName");
    impersonatorCookie.Expires = DateTime.Now.AddHours(1);
    Response.Cookies.Add(impersonatorCookie);

    Response.Cookies["cookieName"]["super_userId"] = this.UserId.ToString();
    Response.Cookies["cookieName"]["super_username"] = this.UserInfo.Username;

    PortalSecurity objPortalSecurity = new PortalSecurity();
    objPortalSecurity.SignOut();

    UserController.UserLogin(portalId, userInfo, this.PortalSettings.PortalName, Request.UserHostAddress, false);

    Response.Redirect(Request.RawUrl, true);
}

而在 pageLoad的（）我尝试从这个cookie值读取，但它不读什么：

And in PageLoad() I try to read value from this cookie but it doesn't read anything:

try
{
    string super_userId = Request.Cookies["cookieName"]["super_userId"];
    string super_username = Request.Cookies["cookieName"]["super_username"];

    if (!String.IsNullOrEmpty(super_userId))
    {
        this.Visible = true;
        this.lblSuperUsername.Text = Session["super_username"].ToString();
        this.txtPassword.Enabled = true;
        this.btnBackToMyAccount.Enabled = true;
    }
...

我也试图做同样的会议，但没有什么工作，我想不通为什么？

I also have tried to do the same with session but nothing works, and I can't figure why?

推荐答案

，因为我觉得<一个href=\"http://stackoverflow.com/questions/5366635/is-it-possible-to-set-a-cookie-during-a-redirect-in-asp-net\">here,可以有href=\"http://www.zugiart.com/2011/04/http-redirect-and-cookies/\"这里rel=\"nofollow\">问题，在被重定向的请求设置cookie和中指出，饼干不会得到设定重定向时，他们的域名是不是 / 。

As I find here, there can be problems with setting cookies in a request that gets redirected, and here is stated that cookies won't get set with a redirect when their domain is not /.

所以，你可以尝试使用HTTP头没有自动跳转，而是显示登录页面，而不是包含主页链接和的元刷新或 JavaScript重定向。

So you can try to not redirect using HTTP headers, but show a "Logged In" page instead that contains a "Home" link and a meta refresh or Javascript redirect.

顺便说一句，在Cookie设置一个用户名是不是真的要走的路。如果我那个cookie值更改为 1 ？

By the way, setting a UserID in a cookie is not really the way to go. What if I change that cookie value to 1?

这篇关于当以其他用户身份登录会话丢失/饼干的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！