Getting 403: Forbidden: Access is Denied when a user closes a logged-in session accidentally


Problem description

I am getting a 403 when users accidentally close the browser without logging out and then try to open the URL again.

When they check back, website throws 403. To temporarily resolve the issue I clean out all the cookies and the access is back on.


Error: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.


Details to troubleshoot: Web.Config file

  <forms loginUrl="index.aspx" 
         protection="All" path="/" 
         timeout="300" 
         name="AppNameCookie" 
         slidingExpiration="true" 
         defaultUrl="index.aspx" 
         cookieless="UseCookies" 
         enableCrossAppRedirects="false" 
         requireSSL="false"/>


Code to authenticate users

                ' Create the cookie that contains the forms authentication ticket                
                Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(sUserName, False)

                'HttpOnly cookie means it is not accessible by the client through ECMAScript.
                authCookie.HttpOnly = True

                authCookie.Expires = Now.AddMinutes(300)


                ' Get the FormsAuthenticationTicket out of the encrypted cookie                
                Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)

                ' Create a new FormsAuthenticationTicket that includes our custom User Data                
                Dim newTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, userDataString)

                ' Update the authCookie's Value to use the encrypted version of newTicket                
                authCookie.Value = FormsAuthentication.Encrypt(newTicket)

                ' Manually add the authCookie to the Cookies collection                
                Response.Cookies.Add(authCookie)
                ' Determine redirect URL and send user there  

I think there is an issue with the cookies but I am unable to figure out the root cause of this issue.


UPDATE: I found how to duplicate this issue


Login as a user and close the browser without logging out. Try to open the home page and it throws error.

Recommended answer

The issue is resolved.

The conflict was with the AuthCookie in the login page and the following line was causing the problem.

authCookie.HttpOnly = True
authCookie.Expires = Now.AddMinutes(120)
Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
Dim newTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, False, userDataString)
authCookie.Value = FormsAuthentication.Encrypt(newTicket)


Replaced with the following lines they work fine.

Dim asx As New FormsAuthenticationTicket(sdata, False, 60)
' Now encrypt the ticket.
Dim encryptedTicket As String = FormsAuthentication.Encrypt(asx)
Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
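
An added example (not the poster's code and not part of the original answer): one way to issue the ticket with custom user data while keeping the cookie HttpOnly and session-only, plus a reader that discards a stale or undecryptable cookie instead of leaving it in the browser. `AuthTicketHelper`, `IssueTicket` and `TryReadTicket` are hypothetical names; the code assumes .NET Framework 4.0 or later for `FormsAuthentication.Timeout`.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Added example, not the poster's code. AuthTicketHelper, IssueTicket and
' TryReadTicket are hypothetical names.
Public Module AuthTicketHelper

    ' Issue the forms-auth cookie with custom user data. The ticket lifetime is
    ' taken from the <forms timeout="..."> setting so ticket and config agree.
    Public Sub IssueTicket(response As HttpResponse, userName As String, userData As String)
        Dim issued As DateTime = DateTime.Now
        Dim ticket As New FormsAuthenticationTicket(
            1, userName, issued, issued.Add(FormsAuthentication.Timeout),
            False, userData, FormsAuthentication.FormsCookiePath)

        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName,
                                     FormsAuthentication.Encrypt(ticket))
        ' Set explicitly instead of relying on site-wide <httpCookies> defaults.
        cookie.HttpOnly = True
        ' Follows requireSSL from Web.config; True is the safer setting over HTTPS.
        cookie.Secure = FormsAuthentication.RequireSSL
        cookie.Path = FormsAuthentication.FormsCookiePath
        ' Expires is deliberately left unset: a non-persistent ticket gets a session cookie.
        response.Cookies.Add(cookie)
    End Sub

    ' Returns the ticket, or Nothing when the cookie is missing, unreadable or
    ' expired. A bad cookie is cleared so the next request starts from the login page.
    Public Function TryReadTicket(context As HttpContext) As FormsAuthenticationTicket
        Dim cookie As HttpCookie = context.Request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then Return Nothing

        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception
            ' Tampered value or one encrypted under a different machine key.
            ticket = Nothing
        End Try

        If ticket Is Nothing OrElse ticket.Expired Then
            FormsAuthentication.SignOut() ' sends an expired cookie to remove the stale one
            Return Nothing
        End If
        Return ticket
    End Function
End Module
```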
