Session would not retain values and always return null


Question

I have a website, it's completely over HTTPS. Even if someone tries to access over HTTP he will be redirected to HTTPS. I am using forms authentication. Recently I changed a setting to make the site more secure and after that Session is not retaining values and is always returning null. The settings are,

<httpCookies httpOnlyCookies="true" requireSSL="true"/>
<sessionState cookieless="false"/>

I have no idea on how to fix this issue. How do I fix this issue? Also, is my site vulnerable if I do not use this setting? Consider that everything else is secure.

Recommended answer

Your question is too general, without many clues, so I can give you some points to move on.

[1] Set also the domain on the cookies, without the www., so the cookie can be read and set even if by mistake the www is missing.

<httpCookies domain="yourdomain.com" httpOnlyCookies="true" requireSSL="true"/>

[2] You also need to set up the <forms... with similar parameters (and whatever else you have set).

<forms name=".klidi" path="/" requireSSL="true" cookieless="UseCookies"
       domain="yourdomain.com" enableCrossAppRedirects="false"
       slidingExpiration="true" />

[3] You also need to set up the <roleManager with similar parameters.

<roleManager enabled="true" cacheRolesInCookie="false" cookieProtection="All" cookieSlidingExpiration="true"
             cookieTimeout="20" domain="yourdomain.com" cookieRequireSSL="true">

And last, the most important: set this line in your code before you try to set or use any cookie, to see if by mistake you did not use a secure https connection.

Debug.Assert(HttpContext.Current.Request.IsSecureConnection, "With out https, cookie will not work");

By setting the last line, on your computer when you make your site you can see and diagnose if the problem is coming from a non-secure connection, because from the moment you set requireSSL to true, any simple connection will not hold any cookie.

Also try to clear your cookies, in case the cookie exists as non-secure and you have a conflict, and/or try other browsers.

You can also read: Can some hacker steal the cookie from a user and login with that name on a web site? (http://stackoverflow.com/questions/2498599/can-some-hacker-steal-the-cookie-from-a-user-and-login-with-that-name-on-a-web-s)
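
As an added example (not part of the original answer), a small Python check that the three elements the answer configures agree on the secure flag and the cookie domain. The sample web.config is constructed for illustration, and the function name audit_cookie_settings is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config: the forms element was left without requireSSL
# and the roleManager cookie uses a different domain than the other two.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <httpCookies domain="yourdomain.com" httpOnlyCookies="true" requireSSL="true"/>
    <sessionState cookieless="false"/>
    <authentication mode="Forms">
      <forms name=".klidi" path="/" cookieless="UseCookies" domain="yourdomain.com"/>
    </authentication>
    <roleManager enabled="true" cookieRequireSSL="true" domain="www.yourdomain.com"/>
  </system.web>
</configuration>"""

# Element path under <system.web> -> attribute that marks its cookie as Secure.
SECURE_ATTR = {
    "httpCookies": "requireSSL",
    "authentication/forms": "requireSSL",
    "roleManager": "cookieRequireSSL",
}

def audit_cookie_settings(config_xml):
    """Return a list of findings about inconsistent cookie settings."""
    web = ET.fromstring(config_xml).find("system.web")
    if web is None:
        return ["no <system.web> section found"]
    findings, domains = [], {}
    for path, attr in SECURE_ATTR.items():
        node = web.find(path)
        if node is None:
            continue  # element not configured, nothing to compare
        if node.get(attr, "false").lower() != "true":
            findings.append(f'<{path}> does not set {attr}="true"')
        domain = node.get("domain", "")
        domains[path] = domain
        if domain.lower().startswith("www."):
            findings.append(f"<{path}> domain includes www.: {domain}")
    if len(set(domains.values())) > 1:
        findings.append(f"cookie domains differ: {domains}")
    return findings

if __name__ == "__main__":
    for finding in audit_cookie_settings(SAMPLE_CONFIG):
        print("WARN", finding)
```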