  • Default Cookies in MVC

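    Recently, after a project went live, the remote Portal side ran into a problem. We suspected that the back end was not cleaning up its cookies properly.

    According to the Portal side's requirements, cookie values that are no longer needed must be deleted after the system logs out. However, cookie settings had not been considered at all in the code design.

    Debugging with F12 in Chrome revealed the following two cookies, which are generated automatically by the MVC code.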

    (1): ".ASPXAUTH"

    (2): "__RequestVerificationToken"

    The cookies are generated by the following source code.

    Source Code:
    FormsAuthentication.SetAuthCookie(user.UserName, user.RememberMe);    => (1)
    @Html.AntiForgeryToken()                                              => (2)

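    Conclusion:

    (1) The .ASPXAUTH cookie is used to determine whether a user is authenticated. It is used for client authentication.
    (2) __RequestVerificationToken is an anti-forgery token (it prevents CSRF attacks). It guarantees that whoever posts the form is the one who was served it.
    It prevents anyone from forging a link and having it activated by a privileged user. It ensures that only the client itself uses the application's internal pages.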
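
    One way to meet the logout requirement described above, as an added example that is not code from the original project. The controller and action names are hypothetical; it assumes MVC 4 or later (for AntiForgeryConfig), the default session cookie name ASP.NET_SessionId, and the default cookie path "/".

    ```csharp
    using System;
    using System.Web;
    using System.Web.Helpers;   // AntiForgeryConfig
    using System.Web.Mvc;
    using System.Web.Security;  // FormsAuthentication

    public class AccountController : Controller   // hypothetical controller name
    {
        [HttpPost]
        [ValidateAntiForgeryToken]   // logout changes state, so require the token from (2)
        public ActionResult Logout()
        {
            // Expires .ASPXAUTH in the browser. The ticket itself stays valid
            // until its timeout, so keep the forms-auth timeout short.
            FormsAuthentication.SignOut();

            // Drop the server-side session data, then expire the session cookie.
            Session.Abandon();
            ExpireCookie("ASP.NET_SessionId", "/");   // assumed default name and path

            // Expire the anti-forgery cookie; MVC issues a new one with the next form.
            ExpireCookie(AntiForgeryConfig.CookieName, "/");

            return RedirectToAction("Login");   // hypothetical action name
        }

        // A browser only overwrites a cookie when the name and path match the original.
        private void ExpireCookie(string name, string path)
        {
            if (Request.Cookies[name] == null) return;   // nothing to clear
            Response.Cookies.Add(new HttpCookie(name, string.Empty)
            {
                Expires = DateTime.UtcNow.AddDays(-1),   // a past date tells the browser to delete it
                Path = path,
                HttpOnly = true,
                Secure = Request.IsSecureConnection
            });
        }
    }
    ```

    The logout form in the view must include @Html.AntiForgeryToken() so that the POST passes validation.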

    Rules for using cookies
    a. The size of a cookie is limited to 4096 bytes (under 4 KB).
    b. A total of 20 cookies can be used on a single website; if you exceed this, the browser will delete older cookies (no more than 20).
    c. End users can stop their browsers from accepting cookies, so it is recommended to check the user's state and prompt the user to enable cookies.

    References

    ASP.NET issues an entirely different cookie, named ASP.NET_SessionId, to track session state.
    https://msdn.microsoft.com/en-us/library/ee920427.aspx
    http://www.codeproject.com/Articles/244904/Cookies-in-ASP-NET
    http://stackoverflow.com/questions/33306859/the-required-anti-forgery-cookie-requestverificationtoken-is-not-present

    Love it, and you live without it
  • Original article: https://www.cnblogs.com/tomclock/p/6038421.html