HttpCookie 在本地有效,但在服务器上无效
https://stackoverflow.com/questions/4155808
-
08-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
我的 cookie 管理代码有问题。在每个页面上,我都会查看是否已设置键值。我的问题是查看 cookie 会创建一个空 cookie。
在本地,我可以查看 cookie,然后设置键值,一切正常。但是当我将代码移至测试服务器时,一切行为都不同了。其一,本地仅发出一个 cookie(如 chrome 工具所示)。在服务器上,使用相同的代码发出 2 个 cookie。
我大约 4 年前编写了这段代码,它是为 .net 2.0 设计的,当时 HttpCookie 行为发生了更改,以便查看 cookie,如果它不存在,则会创建一个空的 cookie。以前,在 .Net 1.1 中返回 null。现在我想知道 2.0 和 4.0 之间发生了一些根本性的变化。
我应该注意,我的本地计算机是 Windows 7,服务器是 Windows 2003 服务器 - 但这应该没有任何区别。唯一需要注意的是该应用程序运行在服务器上的虚拟目录中。这会在问题中发挥作用吗?我不知道。我尝试将 cookie 的路径设置为虚拟目录的路径,但没有成功。
我的cookie有几个层,包括直接处理http cookie的基础层,可以打开或关闭以进行调试的加密层,然后是管理层。我将分享我的代码,希望我的逻辑有明显的错误。
我还想提一下,我正在将 FormsAuthentication cookie 用于其他用途。此 cookie 用于一些无关但必需的数据。
我的 cookie 基础层:
public abstract class BaseCookie
{
#region Private Variables
private string cookieName;
private int timeout = 30;
private ExpirationMode expirationMode = ExpirationMode.SlidingExpiration;
private string domain;
private bool httpOnly = true;
private string path = "/";
private bool secure;
private string cookieValue;
#endregion
#region Public Properties
/// <summary>
/// The name of the cookie as it appears in the request and response
/// </summary>
protected string CookieName
{
get { return cookieName; }
set { cookieName = value; }
}
/// <summary>
/// The expiration mode of the cookie (default SlidingExpiration)
/// </summary>
public ExpirationMode ExpirationMode
{
get { return expirationMode; }
}
/// <summary>
/// The timeout in minutes (default 30)
/// </summary>
public int Timeout
{
get { return timeout; }
set { timeout = value; }
}
/// <summary>
/// The cookie domain (default String.Empty)
/// </summary>
public string Domain
{
get { return domain; }
set { domain = value; }
}
/// <summary>
/// Whether or not the cookie is http only (default true)
/// </summary>
public bool HttpOnly
{
get { return httpOnly; }
set { httpOnly = value; }
}
/// <summary>
/// The path of the cookie (default "/")
/// </summary>
public string Path
{
get { return path; }
set { path = value; }
}
/// <summary>
/// Whether or not the cookie supports https (default false)
/// </summary>
public bool Secure
{
get { return secure; }
set { secure = value; }
}
/// <summary>
/// The Value of the cookie (NOTE: this should only be used for setting the value when calling AppendNewCookie().
/// This will not change the value of the cookie after initialization. Use SetCookieValue and GetCookieValue after initialization.
/// </summary>
public string Value
{
get { return cookieValue; }
set { cookieValue = value; }
}
/// <summary>
/// The cookie in the Request
/// </summary>
private HttpCookie RequestCookie
{
get
{
return HttpContext.Current.Request.Cookies.Get(CookieName);
}
}
/// <summary>
/// The cookie in the Response
/// </summary>
private HttpCookie ResponseCookie
{
get
{
return HttpContext.Current.Response.Cookies.Get(CookieName);
}
}
#endregion
#region Constructors
/// <summary>
/// Constructor setting the name of the cookie with Sliding Expiration
/// </summary>
/// <param name="cookieName">the name of the cookie</param>
public BaseCookie(string cookieName)
: this(cookieName, ExpirationMode.SlidingExpiration)
{
}
/// <summary>
/// Constructor setting the name of the cookie and the expiration mode
/// </summary>
/// <param name="cookieName">the name of the cookie</param>
/// <param name="expirationMode">the Olympus.Cookies.ExpirationMode of the cookie</param>
public BaseCookie(string cookieName, ExpirationMode expirationMode)
{
this.cookieName = cookieName;
CookieConfig config = Configuration.CookieConfiguration.Cookies[cookieName];
if (config != null)
{
Domain = config.Domain;
HttpOnly = config.HttpOnly;
Path = config.Path;
Secure = config.Secure;
Timeout = config.Timeout;
}
//EnsureCookie();
}
#endregion
/// <summary>
/// This method ensures that the cookie is not empty if it exists in either the request or response.
/// Due to changes in the cookie model for 2.0, this step is VITAL to cookie management.
/// </summary>
protected void EnsureCookie()
{
//if the cookie doesn't exist in the response (hasn't been altered or set yet this postback)
if (IsNull(ResponseCookie))
{
//if the cookie exists in the request
if (!IsNull(RequestCookie))
{
//get the cookie from the request
HttpCookie cookie = RequestCookie;
//update the expiration
if (ExpirationMode == ExpirationMode.NoExpiration)
{
cookie.Expires = DateTime.Now.AddYears(10);
}
else
{
cookie.Expires = DateTime.Now.AddMinutes(Timeout);
}
//set the cookie into the response
HttpContext.Current.Response.Cookies.Set(cookie);
}
else
{
//if the response and request cookies are null, append a new cookie
AppendNewCookie();
}
}
}
/// <summary>
/// Append an empty cookie to the Response
/// </summary>
public virtual void AppendNewCookie()
{
HttpCookie cookie = new HttpCookie(CookieName);
cookie.Domain = Domain;
cookie.HttpOnly = HttpOnly;
cookie.Path = Path;
cookie.Secure = Secure;
cookie.Value = Value;
if (ExpirationMode == ExpirationMode.NoExpiration)
{
cookie.Expires = DateTime.Now.AddYears(10);
}
else
{
cookie.Expires = DateTime.Now.AddMinutes(Timeout);
}
HttpContext.Current.Response.Cookies.Add(cookie);
}
/// <summary>
/// Determine if the Cookie is null.
/// </summary>
/// <remarks>
/// Due to changes in the 2.0 cookie model, looking in the request or respnse creates an empty cookie with an
/// expiration date of DateTime.MinValue. Previously, a null value was returned. This code calls one of these
/// empty cookies a null cookie.
/// </remarks>
/// <param name="cookie">the cookie to test</param>
/// <returns>System.Boolean true if the cookie is "null"</returns>
protected static bool IsNull(HttpCookie cookie)
{
if (cookie == null)
{
return true;
}
else
{
if (String.IsNullOrEmpty(cookie.Value) && cookie.Expires == DateTime.MinValue)
{
return true;
}
}
return false;
}
/// <summary>
/// Update the expiration of the response cookie
/// <remarks>
/// If this is not done, the cookie will never expire because it will be updated with an expiry of DateTime.Min
/// </remarks>
/// </summary>
protected void SetExpiration()
{
if (ExpirationMode == ExpirationMode.NoExpiration)
{
ResponseCookie.Expires = DateTime.Now.AddYears(10);
}
else
{
ResponseCookie.Expires = DateTime.Now.AddMinutes(Timeout);
}
}
/// <summary>
/// Set the value of a cookie.
/// </summary>
/// <remarks>
/// Setting value will override all attributes.
/// </remarks>
/// <param name="value">the value to set the cookie</param>
public virtual void SetCookieValue(string value)
{
//EnsureCookie();
ResponseCookie.Value = value;
SetExpiration();
}
/// <summary>
/// Get the default value (the first value) of the cookie
/// </summary>
/// <remarks>
/// Getting the value only returns the first value (values[0]) because it has no key.
/// </remarks>
/// <returns>System.String</returns>
public virtual string GetCookieValue()
{
//EnsureCookie();
string returnValue = "";
if (RequestCookie.Values.Count > 0)
{
returnValue = RequestCookie.Values[0];
}
return returnValue;
}
/// <summary>
/// Set a key/value pair
/// </summary>
/// <param name="key">the key for the pair</param>
/// <param name="value">the value to assign to the key</param>
public virtual void SetKeyValue(string key, string value)
{
//EnsureCookie();
ResponseCookie.Values.Set(key, value);
SetExpiration();
}
/// <summary>
/// Get a value for a given key
/// </summary>
/// <param name="key">the key to find a value of</param>
/// <returns>System.String</returns>
public virtual string GetKeyValue(string key)
{
//EnsureCookie();
return RequestCookie.Values[key];
}
/// <summary>
/// Expire the cookie
/// </summary>
public virtual void Expire()
{
//Setting the expiration does not remove the cookie from the next request
ResponseCookie.Expires = DateTime.Now.AddDays(-1);
}
}
我的加密层(不包括电池)
internal sealed class EncryptedCookie : BaseCookie
{
private string decryptedCookieName;
new public string Value
{
get
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
return Encryption.DecryptQueryString(base.Value);
}
else
{
return base.Value;
}
}
set
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
base.Value = Encryption.EncryptQueryString(value);
}
else
{
base.Value = value;
}
}
}
public EncryptedCookie(string cookieName)
: base(cookieName)
{
decryptedCookieName = cookieName;
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
CookieName = Encryption.EncryptQueryString(cookieName);
}
EnsureCookie();
}
public EncryptedCookie(string cookieName, ExpirationMode expirationMode)
: base(cookieName, expirationMode)
{
decryptedCookieName = cookieName;
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
CookieName = Encryption.EncryptQueryString(cookieName);
}
EnsureCookie();
}
public override string GetCookieValue()
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
return Encryption.DecryptQueryString(base.GetCookieValue());
}
else
{
return base.GetCookieValue();
}
}
public override void SetCookieValue(string value)
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
base.SetCookieValue(Encryption.EncryptQueryString(value));
}
else
{
base.SetCookieValue(value);
}
}
public override void SetKeyValue(string key, string value)
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
base.SetKeyValue(Encryption.EncryptQueryString(key), Encryption.EncryptQueryString(value));
}
else
{
base.SetKeyValue(key, value);
}
}
public override string GetKeyValue(string key)
{
if (Configuration.CookieConfiguration.Cookies[decryptedCookieName].EnableEncryption)
{
return Encryption.DecryptQueryString(base.GetKeyValue(Encryption.EncryptQueryString(key)));
}
else
{
return base.GetKeyValue(key);
}
}
}
最后,cookie 管理层将这一切包装起来。
public sealed class Cookie
{
string cookieName;
public Cookie(string cookieName)
{
this.cookieName = cookieName;
}
public void AppendCookie()
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
cookie.AppendNewCookie();
}
public void SetAttribute(string attributeName, string attributeValue)
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
cookie.SetKeyValue(attributeName, attributeValue);
}
public void SetValue(string value)
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
cookie.SetCookieValue(value);
}
public string GetValue()
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
return cookie.GetCookieValue();
}
public string GetAttribute(string attributeName)
{
EncryptedCookie cookie = new EncryptedCookie(cookieName);
return cookie.GetKeyValue(attributeName);
}
}
还有一个自定义配置可以帮助配置 cookie。看起来是这样的:
<cookie>
<cookies>
<!-- enableEncryption: [ true | false ] -->
<!-- expirationMode: [ SlidingExpiration | NoExpiration ] -->
<!-- timeout: the timeout in minutes (Default 30)-->
<!-- httpOnly: [ true | false ] -->
<!-- secure: [ true | false ] -->
<add name="MyCookie" enableEncryption="true" expirationMode="SlidingExpiration" timeout="64800" domain="" httpOnly="true" path="" secure="false" />
</cookies>
</cookie>
现在,我的代码在我的网络应用程序中看起来像这样:
public int MyId
{
get
{
Cookie cookie = new Cookie(ConfigurationHelper.Cookies.MyCookie);
int myId= 0;
try
{
Int32.TryParse(cookie.GetAttribute(BILLERID_KEY), out myId);
}
catch (System.NullReferenceException)
{
//do nothing on purpose.
}
return myId;
}
set
{
Cookie cookie = new Cookie(ConfigurationHelper.Cookies.MyCookie);
cookie.SetAttribute(MY_KEY, value.ToString());
}
}
public void SetMyId(int myId)
{
Cookie cookie = new Cookie(ConfigurationHelper.Cookies.MyCookie);
cookie.SetAttribute(MYID_KEY, myId.ToString());
cookie.AppendCookie();
}
我首先调用该属性来查看用户的 ID 是否已设置。这个调用在每个页面上进行。然后在另一个页面上,用户可以进行身份验证,并将 ID 设置到 cookie 中。这一切都在本地工作,但如果我点击服务器上的主页(其中 id 查找 id)然后进行身份验证,则不会设置 cookie 值。它仍然是空的。
解决方案
问题是你没有打电话
cookie.AppendCookie();
在 MyId 的 set 访问器中?您在 SetMyId 方法中调用它。
其他提示
当您在 HttpContext.Current.Response 上检查 cookie 时,就会创建 cookie。我通过在设置 HttpContext.Current.Items 时粘贴 cookie 的副本来解决此问题。然后,当我需要检查它是否已设置时,我检查 Items 而不是 Response.Cookies。
这不是最优雅的解决方案,但它可以完成工作。
不隶属于 StackOverflow
