我有一个问题,我必须更改由 asp.net 生成的现有会话 ID。
我需要分配我自己的会话 ID。
我尝试仅覆盖会话 ID 管理器(createsession和validate)的方法。但会话中仍保留现有的会话 ID。之后,我看到了一些使用反射处理一些内部字段的代码。
但仍然存在相同的结果旧 sessionid 吗?
我采用了以下代码
HttpSessionState ss = HttpContext.Current.Session;
HttpContext.Current.Session["test"] = "test";
HttpContext.Current.Response.Write(ss.SessionID);
SessionIDManager manager = new SessionIDManager();
manager.RemoveSessionID(System.Web.HttpContext.Current);
ss.Clear();
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
MysessionId myId = new MysessionId();
bool redirected = false;
bool IsAdded = false;
string newid = myId.CreateSessionID(System.Web.HttpContext.Current);
myId.SaveSessionID(System.Web.HttpContext.Current, newid, out redirected, out IsAdded);
HttpApplication ctx = (HttpApplication)HttpContext.Current.ApplicationInstance;
HttpModuleCollection mods = ctx.Modules;
System.Web.SessionState.SessionStateModule ssm = (SessionStateModule)mods.Get("Session");
System.Reflection.FieldInfo[] fields = ssm.GetType().GetFields( BindingFlags.NonPublic|BindingFlags.Instance);
SessionStateStoreProviderBase store = null;
System.Reflection.FieldInfo rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null;
foreach (System.Reflection.FieldInfo field in fields)
{
if (field.Name.Equals("_store")) store = (SessionStateStoreProviderBase)field.GetValue(ssm);
if (field.Name.Equals("_rqId")) rqIdField = field;
if (field.Name.Equals("_rqLockId")) rqLockIdField = field;
if (field.Name.Equals("_rqSessionStateNotFound")) rqStateNotFoundField = field;
}
object lockId = rqLockIdField.GetValue(ssm);
if ((lockId != null) && (ss.SessionID != null)) store.ReleaseItemExclusive(Context, ss.SessionID, lockId);
rqStateNotFoundField.SetValue(ssm, true); rqIdField.SetValue(ssm, newid);
HttpSessionState s2 = HttpContext.Current.Session;
lblMessage.Text = "changed session id is :" + s2.SessionID;
这里 MysessionId 是我在其中覆盖了 create 和 validate{return true} 方法的类