在IE地址栏,并在源奇怪的字符串 [英] Strange string in IE Address bar and in source
问题描述
这可能是也可能不是一个编程的问题,但我的网站的一个或两个用户已经得到了一些奇怪的字符串被插入到他们的地址栏。
This may or may not be a programming question, but one or two users of my website have got some strange strings being inserted into their address bar.
地址应该是:
的http:// URL /夫妇文件夹/ page.aspx的
The address should be: http://URL/Couple of Folders/page.aspx
但偶尔同样的事情就变成了:
的http://URL/(X(1)F(qHfgTf50ahMY47b-lnz3ovk89OA4AbMN4S-sYVZCgCULL))/Folders/Page.aspx
but occassionally the same thing becomes: http://URL/(X(1)F(qHfgTf50ahMY47b-lnz3ovk89OA4AbMN4S-sYVZCgCULL))/Folders/Page.aspx
的字符串也是在行动领域像这样:
The string is also in the action field as so:
<form name="aspnetForm" method="post" action="/**(X(1)F(qHfgTf50ahMY47b-lnz3ovk89OA4AbMN4S-sYVZCgCULL))**/<Page>.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
我没有服务器/ IIS专家,所以请原谅我,如果这是一个愚蠢的问题,但什么是奇怪的字符串和我/我的客户需要担心?
I'm no server/IIS expert, so please excuse me if this is a dumb question, but what is the strange string and do I/my clients need to worry?
推荐答案
看起来你在你的web配置设置为自动Cookie会话。
Looks like you have cookieless sessions set to auto in your web config.
如果用户允许饼干,其sessionID的存储在存储器中的cookie。如果它们不匹配,ASP.Net推的sessionID到URL,这是用于识别用户发出请求。您所看到的字符的字符串怪是为那些谁拥有饼干人sessionIDs关闭。
If a user allows cookies, their sessionID is stored in an in memory cookie. If they don't, ASP.Net pushed the sessionID into the URL, and this is used to identify which user is making the request. The strange string of characters you are seeing are sessionIDs for those people who have cookies switched off.
有没有真正什么这里担心,虽然它确实让会话劫持轻松一点......也许就不会强调这个虽然。
There's not really anything to worry about here, although it does make session hijacking a little easier... Probably wouldn't stress about this though.
希望它可以帮助...
Hope it helps...
这篇关于在IE地址栏,并在源奇怪的字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
