我有一个 ASP.NET Membership 应用程序。我以“JONNY”身份登录,这是成功的。然后 RUPERT(从不同的 PC,在不同的位置)单击成员区域,他没有被提示登录,但他看到了 Jonny 的个人资料和信息。就好像 Jonny 点击了“记住我”,然后 Rupert 来到他的 SAME 机器上方并点击链接 - 在这里,我希望 Rupert 看到 Jonny 的页面,因为它在 SAME 机器上并且 Jonny 没有注销。但是这两个人在不同的位置,在不同的机器上,不同的 IP 等等。
怎么会这样?
public ActionResult Login(LoginModel model, string returnUrl)
{
if (Membership.ValidateUser(model.UserName, model.Password))
{
// user is logged in here, we know the username is valid...
var memberStore = new MemberStore();
var member = memberStore.GetMemberByUsername(model.UserName);
// but now check if they've confirmed their email
// if not, sign the session out and show inactive account view...
if (!member.IsActive)
{
FormsAuthentication.SignOut();
return View("AccountNotActive");
}
string[] roleNames = Roles.GetRolesForUser(model.UserName);
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
Settings.Setting.UserSession.Member = member;
var viewModel = new MyProfileViewModel { Member = memberStore.GetMemberByUsername(model.UserName) };
viewModel.Role = roleNames[0];
return View("MyProfile", viewModel);
}
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return View(model);
}
public ActionResult Logout()
{
Settings.Setting.UserSession.Member = null;
FormsAuthentication.SignOut();
return View("LoggedOut");
}