当以其他用户身份登录会话丢失/饼干 [英] Lost session/cookie when login as another user
问题描述
我建立 DNN
这允许用户登录模块登录为另一个用户。
但是,我在这里有一些有线问题。
这是我如何注销当前用户和登录作为另一个用户:
I am building dnn
module which allow logged in user to log in as another user.
But I have some wired issue here.
This is how I log out current user and login as another user:
UserInfo userInfo = UserController.GetUserById(portalId, userId);
if (userInfo != null)
{
DataCache.ClearUserCache(this.PortalSettings.PortalId, Context.User.Identity.Name);
if (Session["super_userId"] == null)
{
Session["super_userId"] = this.UserId;
Session["super_username"] = this.UserInfo.Username;
}
HttpCookie impersonatorCookie = new HttpCookie("cookieName");
impersonatorCookie.Expires = DateTime.Now.AddHours(1);
Response.Cookies.Add(impersonatorCookie);
Response.Cookies["cookieName"]["super_userId"] = this.UserId.ToString();
Response.Cookies["cookieName"]["super_username"] = this.UserInfo.Username;
PortalSecurity objPortalSecurity = new PortalSecurity();
objPortalSecurity.SignOut();
UserController.UserLogin(portalId, userInfo, this.PortalSettings.PortalName, Request.UserHostAddress, false);
Response.Redirect(Request.RawUrl, true);
}
而在 pageLoad的()
我尝试从这个cookie值读取,但它不读什么:
And in PageLoad()
I try to read value from this cookie but it doesn't read anything:
try
{
string super_userId = Request.Cookies["cookieName"]["super_userId"];
string super_username = Request.Cookies["cookieName"]["super_username"];
if (!String.IsNullOrEmpty(super_userId))
{
this.Visible = true;
this.lblSuperUsername.Text = Session["super_username"].ToString();
this.txtPassword.Enabled = true;
this.btnBackToMyAccount.Enabled = true;
}
...
我也试图做同样的会议,但没有什么工作,我想不通为什么?
I also have tried to do the same with session but nothing works, and I can't figure why?
推荐答案
,因为我觉得<一个href=\"http://stackoverflow.com/questions/5366635/is-it-possible-to-set-a-cookie-during-a-redirect-in-asp-net\">here,可以有href=\"http://www.zugiart.com/2011/04/http-redirect-and-cookies/\"这里rel=\"nofollow\">问题,在被重定向的请求设置cookie和中指出,饼干不会得到设定重定向时,他们的域名是不是 /
。
As I find here, there can be problems with setting cookies in a request that gets redirected, and here is stated that cookies won't get set with a redirect when their domain is not /
.
所以,你可以尝试使用HTTP头没有自动跳转,而是显示登录页面,而不是包含主页链接和的元刷新或 JavaScript重定向。
So you can try to not redirect using HTTP headers, but show a "Logged In" page instead that contains a "Home" link and a meta refresh or Javascript redirect.
顺便说一句,在Cookie设置一个用户名是不是真的要走的路。如果我那个cookie值更改为 1
?
By the way, setting a UserID in a cookie is not really the way to go. What if I change that cookie value to 1
?
这篇关于当以其他用户身份登录会话丢失/饼干的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!