ASP.NET MVC AntiForgeryToken和缓存 [英] ASP.NET MVC AntiForgeryToken and Caching
问题描述
我目前工作的一个ASP.NET MVC项目,并在这似乎奇怪的错误来了。
I am currently working on an ASP.NET MVC project and came upon an error that seemed peculiar.
在ASP.NET MVC模板形式总是得到一个AntiForgeryToken(从而导致我相信这是一个最佳实践)。然而AntiForgeryTokens似乎并没有与高速缓存很好地工作。
In the ASP.NET MVC Templates forms always get an AntiForgeryToken (thus leading me to believe that this is a best practice). However AntiForgeryTokens don't seem to work well with caching.
例如,当我打开一个网站有包括AntiForgeryToken一种形式,我重复浏览器窗口两个窗口有完全相同的AntiForgeryToken导致异常张贴表单时。当禁用缓存不存在这个问题(通过ActionFilter NOCACHE,请参见 asp.net的MVC禁用浏览器缓存)。
For example when I open a site with a form including an AntiForgeryToken and I duplicate the browser window both windows have the exact same AntiForgeryToken leading to an exception when posting the form. This problem does not exist when caching is disabled (via ActionFilter NoCache, see asp.net mvc disable browser cache).
所以我想我的问题是:这个应该是这样呢?是否有禁用除了缓存来解决这个问题的任何其他方式?
So I guess my question is: Is this supposed to be that way? Is there any other way besides disabling the cache to tackle the problem?
特别是一个事实,即默认ASP.NET MVC模板包含AntiForgeryTokens但不要禁用缓存(因此是开放的上述错误),让我不知道。
Especially the fact that the default ASP.NET MVC templates contain AntiForgeryTokens but don't disable the cache (and therefore are open to the error described above) makes me wonder.
在此先感谢!
推荐答案
这是预期的行为。缓存很好缓存答案,包括AntiForgeryToken的值。禁用在使用AntiForgeryToken网页上的形式缓存,和尤其如此。如果你觉得这个进一步,如果您在数据输入应用程序是,你要缓存的数据输入表单?可能不会。然而,你希望缓存沉重的报告 - 即使它只是微缓存 - 第二个或两个
This is the expected behavior. Caching nicely caches the answer, including the value of the AntiForgeryToken. Disable caching on forms, and in particular on pages that use AntiForgeryToken. If you think about this further, if you're in a data-entry app, do you want to cache your data-entry forms? Probably not. However you do want to cache heavy reports -- even if it's just micro-caching -- a second or two.
这篇关于ASP.NET MVC AntiForgeryToken和缓存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
