C#-想要使用Cookie来限制用户运行网络功能的时间. [英] C# - want to use a cookie to limit the time a user get to run a webfunction.

问题描述

我需要找到一种方法来限制客户运行特定网络通话功能的时间间隔.

我想使用服务器变量，但这将无法工作，因为有多个客户端，并且无法同时或间隔运行调用.

所以我想使用Cookies或其他任何方式.

呼叫看起来像这样:

http://server/javaweb.aspx?getdownload = USERNMAME，PASSWORD&retry = 1(其中0是最近一小时的新数据，而1是重试以再次给出最后结果)

因此，现在有些客户端将调用设置为每1分钟运行一次.我需要至少每10分钟将其阻止一次.

使用Cookie或服务器变量的最佳方法是什么，请告知

I need to find a way to limit my client’s time interval to run a certain web call function.

I wanted to use sever variables but this will not work as there is multiple clients and not running the call at the same time or interval.

So I want to use Cookies or any other way.

The call looks like this:

http://server/javaweb.aspx?getdownload=USERNMAME,PASSWORD&retry=1 (where 0 is new data for last hour and 1 is retry to give last result again)

So now some of the clients setup the call to run every 1 min.. I need to block them to at least every 10 min.

what will be the best way to do this use cookies or server variables please advise

推荐答案

使用Session变量，例如

Use a Session variable e.g.

//declare a new session variable
Session[ "lastrequest" ] = DateTime.Now;

//using the above session
DateTime d1 = ( DateTime )Session[ "lastrequest" ];
DateTime d2 = DateTime.Now;
TimeSpan ts = d2 - d1;

if( ts.TotalMinutes < 10 )
{
    //Continue with request
}
else
{
   //Block request
}

希望有帮助，
Morgs

Hope that helps,
Morgs

进一步了解Morgs的答案(这为您提供了一个很好的技术解决方案):您绝对必须实现类似此服务器端的功能.客户端上的任何内容(基本上您只能访问Cookie，URL和隐藏字段)都可以由知识渊博的用户清除或修改，并且不应依赖除修饰用户设置以外的任何内容(例如主题，时间)区域，菜单配置等)，用户是否覆盖它们都没关系.

会话变量(在服务器端)会在整个会话中持续存在.对于在一个浏览会话中或对于没有登录/用户系统的站点，这是控制访问的最佳方法.但是，用户通常仍可以通过启动新会话(启动其他浏览器或清除会话cookie)来绕过服务器会话限制.与客户端cookie相比，会话是放置控件的更好位置，因为用户无法修改它们，但它们仍可以清除其会话并相当容易地开始新的会话.

如果这是一个具有用户控制权的网站(即登录页面或Web服务的身份验证方法)，则应针对用户存储此类信息.如果您维护自己的用户表，则只需在他们最后一次运行此功能时添加一列即可；我认为您也可以向ASPX用户添加自定义信息，但是我不知道如何.

Further to Morgs''s answer (which gives you a good technical solution): you absolutely must implement something like this server side. Anything on the client side (basically you only have access to cookies, the URL and hidden fields) can be cleared or modified by a knowledgable user and shouldn''t be relied on for anything other than cosmetic user settings (for example themes, time zone, menu configuration etc) where it doesn''t matter if the user overwrites them.

Session variables (on the server side) persist for an entire session. This is the best way to control access within one browsing session, or for a site which does not have a login/user system. However, the user can generally still bypass server session restrictions by starting a new session – starting a different browser or clearing the session cookie. The session is a better place to put control than client-side cookies, because the user can''t modify them, but they can still clear their session and start a new one fairly easily.

If this is a site which has user control (i.e. a login page or an authentication method to a web service), you should store this type of information against the user. If you maintain your own users table, you can simply add a column for the last time they ran this function; I think you can add custom information to the ASPX users as well, but I don''t know how.

您好，谢谢您到目前为止的所有输入.

我在下面做了，
1个请求，会话时间= 0(因此用户可以进行呼叫并获得响应.).
他应该在同一会话中再次请求它，它将告诉他在10分钟内再次执行它.

Hi there and thankyou for all the input so far.

I have don the below and it does:
1 x request where session time = 0 ( thus the user can do the call and get a responce.).
the should he request it again with the same session the it will tell him to do it again in 10 min.

if (Session["lastrequest"] == null)
     Session["lastrequest"] = DateTime.Now;
     DateTime d1 = (DateTime)Session["lastrequest"];
     DateTime d2 = DateTime.Now;
     TimeSpan ts = d2 - d1;
 if (ts.TotalMinutes == 0)
 {
 Response.Write(Dogetdownload(Request.QueryString["getdownload"]));
 }
 else
 {
     Response.Write(" Wait 10 Min and open a new session.");
 }

经过测试，运作良好.

但这不会阻止用户打开新会话并再次执行所有操作.

现在，我需要找到一种方法来限制用户在上次请求后10分钟内无法访问系统.

用户将拨打电话:

http://website/javaweb.aspx?getdownload =用户名，密码和重试=(0或1)

0表示新数据，1表示先前请求的数据.

在我的搜索中，我得出的结论是，必须使用设置的用户名/密码来设置一个有效的服务器.

关于不使用浏览器会话以及如何对数据库进行任何查询的任何建议?

Tested and working well.

But this does not stop the user from opening a new session and do it all again.

Now I need to find a way to limit the user from accessing the system for 10 min after his last request.

The user will do the call:

http://website/javaweb.aspx?getdownload=Username,Password&retry=( 0 or 1 )

0 for new data and 1 for previous requesterd data.

On my search I have come to the conclusion that I will have to set a sever vairiable to set this using a set username / password.

Any sugestions on how to do this not using browser sessions and or any enries to a database ?

这篇关于C#-想要使用Cookie来限制用户运行网络功能的时间.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！