0

在我的 mvc 4 应用程序中,我正在使用其他一些信息创建身份验证 cookie。如果数据小于 1KB,它可以正常工作,但是当它超过 1Kb 时,cookie 永远不会创建。

据我所知,最大 cookie 大小为 apx 4KB。我的代码如下。

if (result.Status == ActionStatus.Success)
{
    AuctionSiteApplication = result.Data;

    CreateCustomAuthorisationCookie(AuctionSiteApplication.User.Email, obj.RememberMe, new JavaScriptSerializer().Serialize(AuctionSiteApplication));
    if ((AuctionSiteApplication.User.UserType == UserType.SUAdmin) || (AuctionSiteApplication.User.UserType == UserType.Admin))
    {
        return RedirectToAction("Index", "Dashboard", new { area = "Admin" });
    }
    else
    {
        return RedirectToAction("Index", "Home", new { area = "" });
    }
}


protected void CreateCustomAuthorisationCookie(String user_name, Boolean is_persistent, String custom_data)
{
    FormsAuthenticationTicket auth_ticket =
        new FormsAuthenticationTicket(
            1, user_name,
            DateTime.Now,
            DateTime.Now.AddMinutes(30),
            is_persistent, custom_data, ""
        );

    String encrypted_ticket_ud = FormsAuthentication.Encrypt(auth_ticket);
    HttpCookie auth_cookie_ud = new HttpCookie(Cookies.UserCookie, encrypted_ticket_ud);
    if (is_persistent) auth_cookie_ud.Expires = auth_ticket.Expiration;
    System.Web.HttpContext.Current.Response.Cookies.Add(auth_cookie_ud);    
}


protected override void OnAuthorization(AuthorizationContext filter_context)
{
    if (Request.RawUrl.ToLower().Contains("www.")) filter_context.Result = RedirectPermanent(Request.RawUrl.ToLower().Replace("www.", ""));
    HttpCookie auth_cookie = Request.Cookies[Cookies.UserCookie];

    #region If auth cookie is present
    if (auth_cookie != null)
    {
        FormsAuthenticationTicket auth_ticket = FormsAuthentication.Decrypt(auth_cookie.Value);
        AuctionSiteApplication = new JavaScriptSerializer().Deserialize<AuctionSiteApplication>(auth_ticket.UserData);
        System.Web.HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(new FormsIdentity(auth_ticket), null);
        ViewBag.AuctionSiteApplication = AuctionSiteApplication;
        base.OnAuthorization(filter_context);
    }
    #endregion

    // Rest Code 
    ...
}

以下是我试图存储在未保存的 cookie 中的数据

{"User":{"UserID":1,"Email":"abctest@pqr.com","FirstName":"abc","LastName":"Arora","UserType":2,"UserCompanies":[{"CompanyId":35,"CompanyName":"New Company","CompanyRoleId":96,"IsAdmin":true},{"CompanyId":36,"CompanyName":"tryrtyr","CompanyRoleId":103,"IsAdmin":true},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":35,"CompanyName":"New Company","CompanyRoleId":98,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":36,"CompanyName":"tryrtyr","CompanyRoleId":105,"IsAdmin":false}],"IsAuthenticated":true},"Company":{"CompanyId":0,"CompanyName":null,"CompanyRoleId":96,"IsAdmin":true}}

以下是我试图存储在正确保存的 cookie 中的数据

{"User":{"UserID":2,"Email":"abc@pqr.com","FirstName":"abc","LastName":"Arora","UserType":1,"UserCompanies":[{"CompanyId":35,"CompanyName":"New Company","CompanyRoleId":0,"IsAdmin":false},{"CompanyId":36,"CompanyName":"tryrtyr","CompanyRoleId":0,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":0,"IsAdmin":false}],"IsAuthenticated":true},"Company":{"CompanyId":0,"CompanyName":"SUAdmin","CompanyRoleId":2,"IsAdmin":false}}
4

1 回答 1

1

我仍然认为没有理由将这些数据存储在 cookie 中。您必须每次都根据您的数据库验证它们,这样您一无所获。
但是问题是您的数据是 968 (1KB) 字符,并且在加密后它大于 4KB。
更新:
我尝试测试结果,Enrypt 方法生成的加密字符串为 4032 字节。我认为它太接近极限了。使用 cookie 的其他数据,我确信它超出了限制。

于 2013-09-18T10:05:46.350 回答