在Web.Config中设置ServiceStack Cookie域会导致会话ID在每个请求上更改 [英] Setting ServiceStack Cookie Domain in Web.Config Causes Session Id to Change on Every Request

问题描述

根据 ServiceStack - 网域和子网域的验证，我将

但是我注意到，一旦我添加这行到配置，一个新的会话ID生成每个请求，无论用户是否已经验证。

$ b $

我的应用程式代码：

  public override void Configure（Funq.Container container）
 {
 Plugins.Add（new AuthFeature（（）=> new CustomUserSession（），
 new IAuthProvider [] {
 new CustomCredentialsProvider（），
}））; 
 
 container.Register< IRedisClientsManager>（c => new PooledRedisClientManager（10.211.55.2:6379））; 
 container.Register< ICacheClient>（c => c.Resolve< IRedisClientsManager>（）。GetCacheClient（））; 
 
 var userRep = new InMemoryAuthRepository（）; 
 container.Register< IUserAuthRepository>（userRep）; 
} 
  

我的自定义凭证提供程序：

  public class CustomCredentialsProvider：CredentialsAuthProvider 
 {
 public override bool TryAuthenticate（ServiceStack.IServiceBase authService，string userName，string password）
 {
 return true; 
} 
 
 public override void OnAuthenticated（ServiceStack.IServiceBase authService，IAuthSession session，IAuthTokens tokens，Dictionary< string，string> authInfo）
 {
 session.UserAuthName = 测试用户; 
 session.UserName =test user; 
 
 authService.SaveSession（session）; 
} 
} 
  

我的默认页面：

  public partial class _Default：WebForms.App_Start.PageBase 
 {
 protected void Page_Load（object sender，EventArgs e）
 {
 try 
 {
 //以各种方式获取会话信息
 var session = this.UserSession; 
 
 var sessionKey = SessionFeature.GetSessionKey（）; 
 
 var session2 = SessionFeature.GetOrCreateSession< CustomUserSession>（this.Cache）; 
 
 var session3 = this.Cache.Get< CustomUserSession>（sessionKey）; 
 
} 
  

会话密钥将被发布并保持不变对每个请求（这是预期）。添加：

 < system.web> 
< httpCookies domain =localhost/> 
  

导致每个请求的sessionKey不同;几乎像cookie正在过期。将域更改为像'test.com'或'.test.com'似乎没有什么区别。我添加了127.0.0.1 localhost和127.0.0.1 test.com到我的Windows主机文件，以测量。

同样，注释掉httpCookies行和会话id保持相同，即使在认证后。

正在设置Cookie，并且每次请求都设置新的会话ID，因此添加上述行会导致会话在每个请求中更改，无论是否进行验证。 。

我可能做错什么，我会在哪里覆盖这个行为？任何帮助是赞赏。

解决方案

这看起来不像ServiceStack问题，而是浏览器不接受返回的cookie，域是无效的选择。

localhost 不是有效的Cookie网域：

您不应将域设置为 localhost ，因为这是无效的Cookie域。对于被认为有效的cookie域，它必须有一个。。因此，当使用localhost时，域值必须 null 。

IP地址不是有效的Cookie域： h1>

您不能将IP地址用作Cookie域。因此，设置 127.0.0.1 可以被浏览器视为无效。

主机文件：

您说您设置 test.com 指向 127.0.0.1 hosts文件。鉴于您的ServiceStack服务正在侦听环回地址，则域 test.com 应该适用于该服务，但您必须在配置中反映出来，即

 < system.web> 
< httpCookies domain =test.com/>您也可以直接在您的AppHost 配置中配置这个配置文件
 

c>方法：

  public override void Configure（Container container）
 {
 Config = new HostConfig {
 RestrictAllCookiesToDomain =test.com，
}; 
} 
  

如果ServiceStack正确设置了cookie，问题必须是cookie不被浏览器接受。您可以确认这是检查浏览器与请求一起发送的Cookie。如果您在下一个要求时没有看到Cookie传回，浏览器就不接受。您必须确保您从 http://test.com 发出请求，而不是从 localhost 或 127.0.0.1 。

As per ServiceStack - Authentication for domain and subdomains, I set the cookie domain in the httpCookies section and it in fact works - it sets the domain of the cookie properly.

But what I noticed is, once I add this line to the config, a new session id is generated on every request, regardless if the user has already been authenticated.

My code is bare bones and simple.

My app host code:

public override void Configure(Funq.Container container)
{
        Plugins.Add(new AuthFeature(() => new CustomUserSession(),
            new IAuthProvider[] {        
                    new CustomCredentialsProvider(), 
                }));

        container.Register<IRedisClientsManager>(c => new PooledRedisClientManager("10.211.55.2:6379"));
        container.Register<ICacheClient>(c => c.Resolve<IRedisClientsManager>().GetCacheClient());

        var userRep = new InMemoryAuthRepository();
        container.Register<IUserAuthRepository>(userRep);
}

My custom credentials provider:

public class CustomCredentialsProvider : CredentialsAuthProvider
{
    public override bool TryAuthenticate(ServiceStack.IServiceBase authService, string userName, string password)
    {
        return true;
    }

    public override void OnAuthenticated(ServiceStack.IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        session.UserAuthName = "test user";
        session.UserName = "test user";

        authService.SaveSession(session);
    } 
}

My default page:

public partial class _Default : WebForms.App_Start.PageBase
{
    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            //get session information in every way possible
            var session = this.UserSession;

            var sessionKey = SessionFeature.GetSessionKey();

            var session2 = SessionFeature.GetOrCreateSession<CustomUserSession>(this.Cache);

            var session3 = this.Cache.Get<CustomUserSession>(sessionKey);        

        }

sessionKey, above, will be issued and will stay the same on every request (which is expected). Adding:

<system.web>
  <httpCookies domain="localhost"/>

causes sessionKey to be different every request; almost like the cookie is immediately expiring. Changing the domain to something like 'test.com' or '.test.com' doesn't seem to make a difference. I added 127.0.0.1 localhost and 127.0.0.1 test.com to my windows hosts file for good measure.

Again, commenting out the httpCookies line and the session id stays the same, even after authenticating. Adding the above line causes session to change on every request, regardless of authenticating or not.

Cookies are being set, and they are set with the new session id on every request.

What might I be doing wrong and where would I override this behavior? Any help is appreciated.

解决方案

This doesn't look like a ServiceStack issue, but rather a problem with your browser not accepting the returned cookie because your test domains are invalid choices.

localhost is not a valid cookie domain:

You shouldn't be setting the domain to localhost, as this is not valid cookie domain. For a cookie domain to be considered valid it must have a . in it. So when working with localhost the domain value must be null.

IP addresses are not valid cookie domains:

You cannot use an IP address as a cookie domain. So setting 127.0.0.1 can be considered invalid by the browser.

Hosts file:

You said you setup test.com to point to 127.0.0.1 in your hosts file. Given that your ServiceStack service is listening on the loopback address then the domain test.com should work for the service, but you would have to reflect that in the configuration, i.e.

<system.web>
    <httpCookies domain="test.com"/>

You could alternatively configure this directly in your AppHost Configure method:

public override void Configure(Container container)
{
    Config = new HostConfig {
        RestrictAllCookiesToDomain = "test.com",
    };
}

If ServiceStack is correctly setting the cookie, which you say it is, then the problem has to be with the cookie not being accepted by the browser. You can confirm this be checking the cookies the browser is sending with the request. If you are not seeing a cookie sent back with your next request, the browser didn't accept them. You have to ensure that you are making requests from http://test.com and not from localhost or 127.0.0.1.

这篇关于在Web.Config中设置ServiceStack Cookie域会导致会话ID在每个请求上更改的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！