Safari 和 Asp.net 中 cookie 的奇怪问题 [英] Strange problem with cookies in Safari and Asp.net

问题描述

我在 Asp.net 的登录页面上有一个奇怪的问题，这个问题只发生在 Safari 上.

I have a strange problem on my login page in Asp.net this problem only happens with Safari.

验证用户后，我从数据库中获取用户名(数据库中的字段为 UTF8)并将其保存在 cookie 中.问题是，当用户的名称带有特殊字符时，我会在未登录的情况下被重定向到我来自的页面.例如，Moller"工作正常，用户登录但不是Møller".

When the user is validated I fetch the name of the user from the database (the field in the database is UTF8) and save it in a cookie. The problem is that when the user has a name with special characters I get redirected to the page where I came from without being logged in. For example "Moller" works fine and the user is logged in but not "Møller".

同样，这种情况只发生在 Safari 中，并且名称中有特殊字符时.不起作用的行是:Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);

Again this is only happening with Safari and when I have special characters in the name. The row that isn't working is: Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);

这是我的代码:

string userid = validUserWithEmail(TextBoxEmail.Text, TextBoxPassword.Text);
if (userid != null) {
    //VALID USER
    Response.Cookies["userInfo"].Expires = DateTime.Now.AddDays(30);
    Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);

    FormsAuthentication.RedirectFromLoginPage(userid, CheckBoxPersistCookie.Checked);
} 
else
{
    //NOT A VALID USER SHOW A MESSAGE FOR THE USER OR SOMETHING
}

推荐答案

Safari 不会将 cookie 的值设置为非 ASCII 字符，其他浏览器在显示非 ASCII 字符方面可能无法预测.由于任何浏览器的 cookie 值中也不允许使用分号，因此我建议使用 UrlEncode/UrlDecode.

Safari will not set cookies with non-ASCII characters in their value and other browsers can be unpredictable in how they display non-ASCII characters. As semi-colon is also not allowed in cookie values for any browser I would recommend using UrlEncode/UrlDecode.

如果您只是编写 cookie 并且无法控制站点读取/显示要放入 URLDecode 的值，您也可以执行以下操作:

If you are just writing the cookie and do not have control over the site reading/displaying the value to put in the URLDecode you can also do something like this:

ckCookie.Value = (Server.HtmlEncode( strSpecialCharacters )).Replace(";","");

这将确保在 cookie 中设置完整的字符串，即使没有 ; Safari、Chrome、Firefox 和 IE 仍能识别 html 代码并且读取时不需要解码.

This will ensure the full string is set in the cookie and Safari, Chrome, Firefox and IE will still recognize the html codes even without the ; and does not require decoding when read.

有关 cookie 规范的详细答案，请参阅:cookie 中允许的字符

For a longer answer on cookie specs see: Allowed characters in cookies

这篇关于Safari 和 Asp.net 中 cookie 的奇怪问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！