3

我有 asp.net webforms application/ 我需要做的是在用户登录时更改 ASP.NET_SessionId。

当用户登录时,我执行以下代码:

SessionIDManager Manager = new SessionIDManager();
string NewID = Manager.CreateSessionID(Context);
bool redirected = false;
bool IsAdded = false;
Manager.SaveSessionID(Context, NewID, out redirected, out IsAdded);

所以, SessionId 在那之后发生了变化。

但是,之后如果我写一些会话变量,例如

Session["username"] = username;

然后在回发后我们的数据丢失或与旧会话 ID 相关联。我们有

Session["username"] == null

请您帮我在更改 SessionId 后如何写入会话变量,以免数据丢失?

4

1 回答 1

5

命令“Manager.SaveSessionID”将删除旧 sessionid 的所有数据。只有一种方法可以保存数据。这是手动移动数据。您在登录按钮中使用以下功能:

...
using System.Web.SessionState;
using System.Reflection;

protected void ReGenerateSessionId()
    {
        SessionIDManager manager = new SessionIDManager();
        string oldId = manager.GetSessionID(Context);
        string newId = manager.CreateSessionID(Context);
        bool isAdd = false, isRedir = false;
        manager.RemoveSessionID(Context);
        manager.SaveSessionID(Context, newId, out isRedir, out isAdd);

        HttpApplication ctx = (HttpApplication)HttpContext.Current.ApplicationInstance;
        HttpModuleCollection mods = ctx.Modules;
        System.Web.SessionState.SessionStateModule ssm = (SessionStateModule)mods.Get("Session");
        System.Reflection.FieldInfo[] fields = ssm.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance);
        SessionStateStoreProviderBase store = null;
        System.Reflection.FieldInfo rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null;

        SessionStateStoreData rqItem = null;
        foreach (System.Reflection.FieldInfo field in fields)
        {
            if (field.Name.Equals("_store")) store = (SessionStateStoreProviderBase)field.GetValue(ssm);
            if (field.Name.Equals("_rqId")) rqIdField = field;
            if (field.Name.Equals("_rqLockId")) rqLockIdField = field;
            if (field.Name.Equals("_rqSessionStateNotFound")) rqStateNotFoundField = field;

            if ((field.Name.Equals("_rqItem")))
            {
                rqItem = (SessionStateStoreData)field.GetValue(ssm);
            }
        }
        object lockId = rqLockIdField.GetValue(ssm);

        if ((lockId != null) && (oldId != null))
        {
            store.RemoveItem(Context, oldId, lockId, rqItem);
        }

        rqStateNotFoundField.SetValue(ssm, true);
        rqIdField.SetValue(ssm, newId);
    }

protected void Login_Click(object sender, EventArgs e)
{
    if (/*Login success*/)
    {
        ReGenerateSessionId(); // Change SessionID
        Session["User"] = user;
        Response.Redirect("Login_Success.aspx", true);
    }
}
于 2017-06-09T17:06:02.443 回答