roo*_*kie 9 c# asp.net cookies
我正在使用下面的代码创建cookie,如何读取另一个页面中的txtusername值以及如何在单击注销时删除cookie(注销代码).我是编程的新手请帮助.
string cookiestr;
HttpCookie ck;
tkt = new FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now,
DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
if (chkPersistCookie.Checked)
ck.Expires = tkt.Expiration;
ck.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(ck);
kak*_*dge 12
您不应该将密码存储为cookie.这是一个非常大的安全威胁.要删除cookie,您只需要修改并使其过期.你无法真正删除它,即将其从用户的磁盘中删除.查看此文档.
这是一个示例:
HttpCookie aCookie;
string cookieName;
int limit = Request.Cookies.Count;
for (int i=0; i<limit; i++)
{
cookieName = Request.Cookies[i].Name;
aCookie = new HttpCookie(cookieName);
aCookie.Expires = DateTime.Now.AddDays(-1); // make it expire yesterday
Response.Cookies.Add(aCookie); // overwrite it
}
您不能直接删除cookie,您必须将其设置为在当前日期之前到期:
if (Request.Cookies["clienDetails"] != null)
{
HttpCookie myCookie = new HttpCookie("clienDetails");
myCookie.Expires = DateTime.Now.AddDays(-1d);
Response.Cookies.Add(myCookie);
}
你可以在这里阅读更多相关信息.
此外,我真的鼓励你不要写自己的安全性,而是阅读asp.net会员资格.更安全,更易于使用.我可以在您的安全模型中看到许多缺陷.将密码以纯文本形式存储在cookie中真的很糟糕.
编辑: 您现在更改了代码,您必须执行此操作以删除cookie:
if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
{
HttpCookie myCookie = new HttpCookie(FormsAuthentication.FormsCookieName);
myCookie.Expires = DateTime.Now.AddDays(-1d);
Response.Cookies.Add(myCookie);
}
| 归档时间: |
|
| 查看次数: |
24480 次 |
| 最近记录: |