是什么让一个请求在asp.net C#一个新的请求 [英] what makes a request a new request in asp.net C#
问题描述
OK基本上我想要实现形式的验证我的Web应用程序,并要做到这一点,我需要知道如何在Web服务器决定的请求是一个新的或没有。这是becasue的网服务器创建每个新的请求一个新的会话。
所以我创造每成功登录的authenticatecoookie和永久性Cookie,将持续,直至将超时,无论天气的用户关闭他/她的浏览器或失去连接,并有权重新为这个cookie存储在客户端计算机上。因此,在这种情况下,可以说用户重新连接到服务器,并且他的authenticatecoookie没有超时呢。因此,他请求因此已经过身份验证,那么,这是否也意味着,这不是一个新的请求?而服务器将不会为它创建一个新的会话为一个已经存在呢?
另一种情况/情形是,如果authenticatecoookie超时用户重新连接之前,请求将不进行身份验证,但将这个请求也将considerd一个新的请求与否,因此服务器将不会为它创建一个新的会话为一个已经存在呢?
我问这个,因为我什么用户ID存储在一旦用户成功登录,从而使会话时authenticatecoookie超时,我就可以在会话中去retrive用户ID作为会话时间出晚得多比authenticatecoookie然后更新我的用户表,以指示在该用户不再登录
因此,在这种情况下,可以说,用户重新连接到服务器,并且他的
authenticatecoookie没有超时呢。所以他的要求因此
已经验证,所以没有这也意味着,这不是一个新的
要求?这是不是从形式来看认证系统点的新请求,因为请求提供有效的形式验证cookie。
和服务器为一个已经存在的它不会为它创建一个新的会话?
会话处理机制与形式的认证机制是不同的。客户端可以打到服务器的有效形式的身份验证cookie并没有有效的会话cookie(和,因为这些机制是不同的,任何组合都是可能)
因此,如果需要会话和客户端没有一个服务器将创建一个新的会话。
,使得当authenticatecoookie超时然后可以去
retrive用户ID在会话的会话超时要晚得多
比authenticatecoookie如果您的站点主要是验证的基于-,也许你应该这样做通过配置比会话持续时间更长的形式认证期限的其他方式。
- 在您的网页/控制器/动作强制认证形式
- 您的网页/动作处理过程中,确保用户ID存储在会话中。如果不是,存储它,以便它是上Session_End中avalaible
OK basically I am trying to implement form authentication in my web application and to do this I need to know how does the web-server decide a request is a new one or not. This is becasue the webs-server creates a new session per new request.
So i create an authenticatecoookie per successful login and its a persistent cookie that will last until it times-out regardless of weather the user closes his/her browser or looses connection and has to reconnect as this cookie is stored on the client computer. So in that case lets say the user reconnects to the server and his authenticatecoookie hasn't timed-out yet. So his request is therefore already authenticated, so does this also mean that this is not a new request? and the the server will not create a new session for it as one already exits for it?
another case/scenario would be if the authenticatecoookie times out before the user reconnects, the request will not be authenticated but will this request also be considerd a new request or not and therefore the server won't create a new session for it as one already exits for it?
I am asking this because I what to store a user-ID in the session once a user has successfully logged in so that when the authenticatecoookie times out I can then go and retrive the user-ID in the session as the session times out much later than the authenticatecoookie and then update my usertable to indicate that that user is no longer logged in
解决方案So in that case lets say the user reconnects to the server and his authenticatecoookie hasn't timed-out yet. So his request is therefore already authenticated, so does this also mean that this is not a new request?
It is not a new request from the Form Authentication system point of view, because the request provide a valid form authentication cookie.
and the the server will not create a new session for it as one already exits for it?
Session handling mechanism is distinct from Form authentication mechanism. A client can hit the server with a valid form authentication cookie and no valid session cookie (and, as those mechanisms are distinct, any combination is possible) So, the server will create a new session if session is required and the client does not have one.
so that when the authenticatecoookie times out I can then go and retrive the user-ID in the session as the session times out much later than the authenticatecoookie
If your site is mostly authentication-based, maybe you should do it the other way by configuring a longer form authentication duration than session duration.
- enforce form authentication on your pages/controllers/actions
- during your pages/actions processing, ensure that the userid is stored in the session. If not, store it so that it is avalaible on session_end
这篇关于是什么让一个请求在asp.net C#一个新的请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
