如何创建amazon就像在ASP.NET MVC中引用朋友程序一样 [英] How create amazon like refer a friend program in ASP.NET MVC
问题描述
我有一个用户可以推荐朋友赚钱的场景。我想到的一件事就是在查询字符串中传递当前的userId,当其他用户访问此URL时,我将保存会话中的值。因此,每当用户注册我将得到该会话时,如果它是空的,则将其提交给db。
我的问题是,这种方式对于网站是安全的不?如果没有请建议我另一种方式。
提前致谢
我尝试了什么:
我在查询字符串中传递当前的userId,当其他用户访问此URL时,我将保存会话中的值。因此,每当用户注册时,我将获得该会话,如果它是空的,则将其提交给db。
I have scenario where a user can refer a friend to earn. One thing came into my mind is just pass the current userId in query string and when other user access this url i will save the value in session. So whenever user signup i will get that session compare if it is empty or not and commit it to db.
My question is, this way is secure for the website or not? If Not please suggest me the other way to do it.
Thanks in Advance
What I have tried:
I pass the current userId in query string and when other user access this url i will save the value in session. So whenever user signup i will get that session compare if it is empty or not and commit it to db.
推荐答案
很多网站都是这样工作的,唯一的真正的缺点是,任何人都可以构建这个推荐网址,但如果有人要恶意地做,只有真正的好处是将自己的ID放在网址中......但这实际上无法以任何方式利用。
如果您想要提高安全性,那么针对每个用户存储一个引用GUID,或者只是一串随机字符。为用户提供一个页面,用户可以在其中查看他们的推介网址,并在网址上显示引荐ID,而不是用户ID。当有人在会话中注册此ID时,您将查找与该推介ID相关联的用户。由于推荐ID是随机的,因此几乎不可能欺骗或猜测其他人的ID。
A lot of websites do work that way, the only real downside is that anyone can construct this referral url, but if someone was to do it maliciously there only real benefit is to put their own id in the url...but that can't really be taken advantage of in any way.
If you wanted a step up for security then against each user store a referral GUID, or just a string of random characters. Give the users a page where they can view what their referral url is, and it with have the referral id on the url rather than their user id. When someone signs up with this id in the session you look up the user that is associated with that referral id. As the referral id is random it is almost impossible to spoof or guess the ids of others.
这篇关于如何创建amazon就像在ASP.NET MVC中引用朋友程序一样的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
