POST请求失败时&LT;的sessionState无Cookie =&QUOT;自动检测&QUOT; /&GT;设置 [英] POST requests fail when <sessionState cookieless="AutoDetect" /> is set
问题描述
考虑以下情况:
- 在Web服务器正在运行与.net应用程序
&LT;的sessionState无Cookie =自动检测/&GT; - 在客户端使用一个简单的
的HttpWebRequest(无饼干)发送的数据吧。
- A web server is running a .NET app with
<sessionState cookieless="AutoDetect" />. - A client is POSTing data to it using a simple
HttpWebRequest(no cookies).
这看似简单的情况下,会导致重大的失误。
This seemingly simple case causes major failure.
由于.NET不能确定是否请求代理(的HttpWebRequest )支持cookie,它响应与一个302重定向发现在同一位置时,POST请求:
Since .NET can't determine if the requesting agent (HttpWebRequest) supports cookies, it responds to the POST request with a 302 Found redirect to the same location with:
- 名为
AspxAutoDetectCookie在响应的cookie - 名为
AspxAutoDetectCookie在转发位置的查询参数
- a cookie named
AspxAutoDetectCookiein the response - a query parameter named
AspxAutoDetectCookiein the forwarded location
请求代理,然后应该申请新的位置,其中的HttpWebRequest 一样。当.NET看到 AspxAutoDetectCookie 在查询字符串,它知道这是一个重新请求,并能确定是否饼干被看到,如果一个cookie名为<$ C $支持C> AspxAutoDetectCookie 是请求头。
The requesting agent is then supposed to request the new location, which HttpWebRequest does. When .NET sees AspxAutoDetectCookie in the query string, it knows this is a re-request, and it can determine if cookies are supported by seeing if a cookie named AspxAutoDetectCookie is in the request headers.
现在的问题是,大多数请求代理(Web浏览器,的HttpWebRequest )治疗302找到的,就好像它是一个303看其他并使重新请求一个GET,不管原来的HTTP方法!在最初的POST请求发送的任何数据不被转发。
The problem is that most requesting agents (web browsers, HttpWebRequest) treat a 302 Found as if it is a 303 See Other and make the re-request a GET, regardless of the original HTTP method! Any data sent in the initial POST request is not forwarded.
正确的答案应该是307临时重定向,这不会改变请求方法。 (POST请求到x重定向到一个发表请求位置Y-。)
The correct response should be a 307 Temporary Redirect, which does not change the request method. (A POST request to location X redirects to a POST request to location Y.)
有没有办法来改变这种行为,.NET等等POST请求不被破坏?
Is there any way to change this behaviour in .NET so POST requests are not destroyed?
上3XX重定向信息
推荐答案
我可以看到这个问题的唯一解决办法是追加 AspxAutoDetectCookie = 1 所有POST请求。
The only solution I can see to this is to append AspxAutoDetectCookie=1 to all POST requests.
这样,ASP.NET将永远不会重定向请求,我们可以完全闪避302 VS 307的问题。如果Cookie被嵌入在请求中,ASP.NET会检测到的Cookie支持,如果没有饼干嵌入,它会假设他们不是。
This way, ASP.NET will never redirect the request and we can dodge the 302 vs 307 question altogether. If cookies are embedded in the request, ASP.NET will detect that cookies are supported, and if no cookies are embedded, it will assume they aren't.
这篇关于POST请求失败时&LT;的sessionState无Cookie =&QUOT;自动检测&QUOT; /&GT;设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
