什么是ASPXAUTH cookie? [英] what is ASPXAUTH cookie?
问题描述
在使用ASP.Net窗体身份验证时,我遇到了.ASPXAUTH cookie。我有几个问题:
- 这个cookie的目的是什么?
- 此Cookie的位置?
ASPXAUTH Cookie用于确定用户是否通过身份验证。
至于cookie的位置,这取决于您的浏览器。如果您使用Firefox,您可以通过单击工具 - >选项 - >隐私来查看cookie。然后向下滚动到域并展开它以查看cookie及其值。该值使用机器密钥(位于服务器的machine.config或web.config文件)加密,因此查看客户端上的cookie不会真正提供您任何信息。您可以使用以下方法解密/查看服务器端的值:
HttpCookie authCookie = Request.Cookies [FormsAuthentication.FormsCookieName]; / /.ASPXAUTH
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
其中 authTicket
有以下字段: p>
>
ASPXAUTH基本上用于维护ASP.NET会话状态的语句不正确。 ASP.NET发出一个完全不同的cookie,名为ASP.NET_SessionId,用于跟踪会话状态。
While working with ASP.Net Forms Authentication I came across the .ASPXAUTH cookie. I have a couple questions:
- What is the purpose of this cookie?
- What is the location of this cookie?
The ASPXAUTH cookie is used to determine if a user is authenticated.
As far as the location of the cookie, that depends on your browser. If you are using Firefox you can view the cookie by clicking on Tools -> Options -> Privacy. Then scroll down to the domain and expand it to see the cookie and its value. The value is encrypted using the machine key (located in the server's machine.config or web.config file) so looking at the cookie on the client won't really provide you any information. You can decrypt/view the value on the server side using:
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];//.ASPXAUTH
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
where authTicket
has these fields:
The statement "ASPXAUTH is basically used to maintain ASP.NET Session State" is incorrect. ASP.NET issues an entirely different cookie, named ASP.NET_SessionId, to track session state.
这篇关于什么是ASPXAUTH cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!