重置会话后在FluorineFx中使用旧用户凭据? [英] Old user credentials in FluorineFx after resetting a session?

问题描述

我们有一个FluorineFx/ASP.Net应用程序，该应用程序使用表单身份验证来标识当前用户.要在FluorineFx中使用这些凭据，请使用FluorineContext.Current.User.Identity.当我第一次登录时，当前上下文巧妙地反映了正确的身份.

We have a FluorineFx / ASP.Net application which uses forms authentication to identify the current user. To use these credentials in FluorineFx, we use FluorineContext.Current.User.Identity. When I log in the first time, the current context neatly reflects the right identity.

注销后，我将执行FormsAuthentication.SignOut()和Session.Abandon来使用户凭据和会话均无效.但是当我再次以其他用户身份登录时，FluorineContext.Current.User.Identity包含先前用户的凭据，而ASP.Net应用程序具有正确的用户凭据.当我重建应用程序时，会重置FluorineFx凭据以再次反映正确的凭据.

When I log out, I perform a FormsAuthentication.SignOut() and a Session.Abandon to invalidate both the user credentials and the session. But when I log in again as another user, FluorineContext.Current.User.Identity contains the credentials of the previous user, while the ASP.Net application has the right user credentials. When I rebuild my application, the FluorineFx credentials are reset to reflect the right credentials again.

有人对此有一个解释，和/或如何解决这个问题?

Does anyone have an explanation for this, and/or how to fix this?

推荐答案

因为会话重置有效，并且用户的身份无效，所以这不是身份验证Cookie的问题.我仍然没有找到解决此问题的好方法，因此决定将当前用户的身份存储在会话中.会话变量经过加密，并在每次调用时进行更新，以确保传递正确的凭据.

Because the Session reset works, and the user's identity doesn't, it's not an authentication cookie problem. I still haven't found a good solution for this problem, and decided to store the current user's identity in session. The session variables are encrypted and are updated on each call to make sure the right credentials are passed along.

这篇关于重置会话后在FluorineFx中使用旧用户凭据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！