????? ?? ???? asp.NET ???? IDs reused ???

???? ?????? ???? ??????
???? ID: 899918 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.
??? ?? ??????? ???? | ??? ?? ??????? ????

?????

?? ???? ????? ???? ?? ?? ????? ?? ???? Microsoft asp.NET ???? IDs ????? ??? ???? ????

???? ???????

ASP.NET ???? ?????? ??? ?? ????? ?? ???? ?????-????, ??????????-??????? ???? ?? ???????? ???? ???? ??? ??? ????????? ?? ??? ?? ???? ?????? ???? ???? ??? ?????????? ?? ?????? ?? ??????? ???? ?? ??? ?? ???? ?? ????? ?? ???? ???? ???? ?????? ?????????? ?????? ?? ???? ID. ?????? ?? ????? ??????? ??? ?? ???? ?? ?? ????? ???? ??? ???? ID ?????? ?? ??:
  • ???? ID ?? ?????????? ?? ??????? ?? ???? ???? ?? ?? ???? ???? ?? ?? ??? ???
  • URL ??? ???? ID ?????? ???? ??? ??? ?? ????? ?? ???? ?? ?????? ?? ????.
???? IDs ??? ?? 120-??? ????? ?????? ?? ?? 20-?????? ?? ???????? ???? ?? ?????? ???????? ???? ???? ??? ???????? ???????? ?? ???? ??? ???? URL ??? ????? ??? ?? ???? ??? ?? ??? URL ????????? undergo ???? ?? ??? ???? ??? ???? ??? ?????? ?? ???, ??-???? ?????? ??? ???????? ????? ???? ?? ???? ??? ???? IDs ?? ???????? ???? ?? ??? ?????? ?? ????? ???? ??? ???? IDs ???? ?? ???????? ??????? ??? ?? ???????? ?????? ???

?? ??? ?????????? ???? ???? ??? ??????? ?? ????? ??, ?? ???? ??? asp.NET ???? ?????? ???? ???? ?? ?? ??? ???? ?? ???? ??, ???? ???? "ASP.NET_SessionId" ??? ?? ??? ??????? ?? 20-???? ??? ?? ??? ???? ??? ???

?? ?????????? ?? ?? DNS ????? ??? browses, ??? ??????? ?? ????? ?? ??? ?? sourced ??, ?? ?? ???? ????? ?? ??? ??? ???? ???

?????? ?? ???, app1.tailspintoys.com ?? app2.tailspintoys.com ????? asp.NET ????????? ???? ??? ?????????? app1.tailspintoys.com ?? ???? ??, ?? ???? ??? app2.tailspintoys.com ???? ??, ????? ????????? ?? ???? ????? ???? ???? ?? ?? ?? ???? ID ???????? ????????? ??? ?????????? ?? ???? ?????? ?? ????? ???? ?? ???? ????????? ?? ?? ???? ?????? ?? ???? ???? ??? ???? ???? ???? ID. ?????????

????, ????? ?? ?? ???? ??? ????? ???? IDs ?? ?????? ?? ???? ?????? ?? ???, ??? ?? IDs ???? ?? ???: ?????, ???? ??? ???? ????? ???? ?? ???:
  • ?? ???? ???? ????? ???? ID. ?? ??? ???????? ?? ?? ???, ?? ?? ??? ????????????????? ????? ???? ID ?????
  • Create a new session ID for every ASP.NET application that is in a single domain.
When the Web application requires a logon and offers a log off page or option, we recommend that you clear the session state when the user has logged off the Web site. To clear the session state, call the Session.Abandon method. The Session.Abandon method lets you flush the session state without waiting for the session state time-out. By default, this time-out is a 20-minute sliding expiration. This expiration is refreshed every time that the user makes a request to the Web site and presents the session ID cookie. The Abandon method sets a flag in the session state object that indicates that the session state should be abandoned. The flag is examined and then acted upon at the end of the page request. Therefore, the user can use session objects within the page after you call the Abandon method. As soon as the page processing is completed, the session is removed.

?? ?? ???-????????? ???? ?????? ??? ?? ????? ????, ?? ???? ?????? ?????????? HttpCache ??? ???????? ???? HttpCache ??? ?????? ???? ????? ????????? ?? ???? ???? ?? ?????? ???? ??:
  • ???? ??? ????????? ?? ????? ???? ??? ???
  • ???? ?????? ??????? registersSession_OnEnd????? ?????? ????????? ?? ??? ????? ???? ??? ?? ?? ??? ?? ???? ?? ??? ???
???? ?????? ??????? ??? ??? ????? ?? ?? ???? ?????? ???????? ?? ??????? ??, ?? HttpCache ??????? ?? ??? ?? ??????? callbacks ??? ??????? ?????? ???, ?? ??????? raisesSession_OnEnd????? ???????

?? ?? ???? ???? ??, ?? ??????? ?????????? ?? ???? ID ???? ?????? ???? ??? ?????, ???? ?? ???? abandoned ?? ?? ??, ??? ????????? ?? ??? ??? ??? ?????? ?? ?? ???? ID ?? ????? ????? ????? ?? ??? ???? ?????? ?? ?????? ????? ?? ?? ??? ???, ??? ?????????? ?? ?? DNS ??? ???? ???? ????????? ?? ????? ??, ????? ?????????? ???? ?? ????? ?? ??? ???? ???? ?????????? ????????? ?? ?????? ?? ??? ???? ???? ???

???-???, ?? ???? ?? ? ?????? ???? ID. ???: ????? ???? ?? ??? ??? ?? ???? ?? ?? ??? ?? ramifications ???? ???? ID reusing ?? ??? ?? ????? ????? ??? ?????? ?? ???? ?? ?? ???? ID ???? ?? ???? ???? ?? ???:
// Mark the current session as abandoned; its state is dropped once the page
// request has finished processing.
Session.Abandon();

// Abandon() does not touch the ID held in the browser's cookie, so the same ID
// would be presented again on the next request. Sending the session cookie back
// with an empty value is what makes the next request receive a fresh session ID.
HttpCookie blankSessionCookie = new HttpCookie("ASP.NET_SessionId", "");
Response.Cookies.Add(blankSessionCookie);
?? ??? ?? ?????? ?? ???? ?????? ?? ????? ?? ???? ???? ?? ?? ???? ?????? ???? ?? ????? ???? ?? ??? ??? ???? ??? ????? ??? ????? ???? ??????? ?? ??????? ???

?? ??? ?????????? ???? ??? ?? ????????? ?? ?? ???? ?????? ????-??? ???? ??, ?? ????????? ?? ???? ?? ??? ?? ????? ?? ?? ???? ?????? ???? ??? ??????? ??? ???? ??? ?? ??????? ?? ???? ?????????? ?? ???????? ???? ?? ??? ??? ?? ????? ?? ?????????? ?? ???? ?????? ???? ?? ????????? ???? ?? ???? ??? ?? ?????? ?? ?? ?? ??? ???? ID ????? ?? ?? ?? ????? ????? (login.aspx) ?? ????? ???, ?? ??? ?? ?? ???? ??????? ?? ???? ?????? ??? ???? ?? ??? ???????? ?? ?????? ???? ?? ??? ???? ???? ??????? ???? ???, ??????????? ?????? ??????? ?? ?????? ?? ????? ?? ???? ?? ???? ?? ????? ?? ??? easiest ?? ????? ??Response.Redirect?????? ??? ????? ?????? ?????? ASP.NET_SessionId ?? ??? ??? ??? ??, ??????? ?? ???? ???? ??????? ????? ???? ??????? ?? ???? ????? ?? ??? ???Response.RedirectLoop. ????? ?? ??? ?? ???? ?? ??? ???????????? ?? ??? ?????? ???????? ??? ?? ???? ???

??, ??? ????? ??? ?????? illustrated ?? ??? ??? ????? ?? ???? ??? ?? ???? ???? ????? ???? ??? ?? ??? ???? ?? ?????????????? ????? ?? ??? ?? ???? ?? ??? ??? ??????? ?? ??????? ???? ??? ??? ?? ??? ?? ????????? ???? ?? no ?? ???? ?? ?????? ???? asp.NET ???? ?? ??? ?? ????? ???? ?? ????? ?? ??? ?? ????? ?? ????? ?? ???, ????? ??? ?? ?????? ?? ?????FormsAuthentication???? ?? ?????????? ?? ???? ???? ????????? ???? ?? ??? ??? ???? ???, ??? ?? ?????? ?? 5 ????? ????-??? ??? ???? ???
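/// <summary>
/// Discards whatever session ID the client presented on its first visit to this
/// page, forces a new one to be issued, and then prints the resulting session ID.
/// </summary>
/// <remarks>
/// The "__LOGINCOOKIE__" marker (an encrypted, short-lived ticket written by
/// AddRedirCookie) only proves that the client has already been through the
/// reset-and-redirect round trip. It is not a login credential.
/// A client that never returns the marker cookie (cookies disabled, for example)
/// is redirected again on every request, so real code needs its own loop guard.
/// </remarks>
/// <param name="sender">Event source supplied by the page framework (unused).</param>
/// <param name="e">Event data supplied by the page framework (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
    // Request.Cookies yields null when the client did not send the cookie, so
    // read it once and reuse the reference for both checks below.
    HttpCookie loginCookie = Request.Cookies["__LOGINCOOKIE__"];

    if (!IsPostBack && (loginCookie == null || loginCookie.Value == ""))
    {
        // At this point we cannot tell whether the session ID is one the server
        // just created or one the client handed in, so it is not trusted:
        // abandon the session and blank the session ID cookie.
        Session.Abandon();
        Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

        // The marker cookie lets the follow-up request show that the client has
        // received the response that cleared the session ID cookie.
        AddRedirCookie();
        Response.Redirect(Request.Path);

        // Response.Redirect(string) ends the request; the return only makes the
        // control flow explicit.
        return;
    }

    // Validate the marker without using an exception as the normal failure path.
    // A missing cookie, a value that cannot be decrypted, and an expired ticket
    // are all treated the same way.
    bool markerIsValid = false;
    try
    {
        if (loginCookie != null)
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(loginCookie.Value);
            markerIsValid = (ticket != null) && !ticket.Expired;
        }
    }
    catch (Exception)
    {
        // Decrypt rejects empty or tampered values by throwing; the value is
        // client-supplied, so any failure here means "not a valid marker".
        markerIsValid = false;
    }

    if (!markerIsValid)
    {
        // Forged, damaged or stale marker: issue a new one and repeat the round
        // trip. The redirect is made outside the try block on purpose, so the
        // request-ending abort is not swallowed by the catch above.
        AddRedirCookie();
        Response.Redirect(Request.Path);
        return;
    }

    RemoveRedirCookie();

    // Diagnostic output for the sample only: a session ID is a credential and
    // should not be rendered into a production page.
    // The cookie value comes from the client, so it is HTML-encoded before being
    // written, and a missing cookie is shown as empty instead of dereferencing null.
    HttpCookie sessionCookie = Request.Cookies["ASP.NET_SessionId"];
    string sessionCookieValue = (sessionCookie == null) ? "" : sessionCookie.Value;

    Response.Write("Session.SessionID=" + Server.HtmlEncode(Session.SessionID) + "<br/>");
    Response.Write("Cookie ASP.NET_SessionId=" + Server.HtmlEncode(sessionCookieValue) + "<br/>");
}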

/// <summary>
/// Overwrites the "__LOGINCOOKIE__" marker with an empty value in the response.
/// </summary>
/// <remarks>
/// The cookie is blanked, not expired; Page_Load treats an empty value the same
/// as a missing cookie on a non-postback request.
/// </remarks>
private void RemoveRedirCookie()
{
    HttpCookie blankMarker = new HttpCookie("__LOGINCOOKIE__", "");
    Response.Cookies.Add(blankMarker);
}

/// <summary>
/// Writes the "__LOGINCOOKIE__" marker: an encrypted forms-authentication ticket
/// for the fixed name "Test" that expires five seconds after it is issued.
/// </summary>
/// <remarks>
/// The ticket is encrypted so the client cannot fabricate a marker value, and the
/// short lifetime limits how long a captured marker stays usable.
/// NOTE(review): the cookie is created with default attributes; consider marking
/// it Secure (and HttpOnly where the framework version provides it).
/// </remarks>
private void AddRedirCookie()
{
    // Version 1, non-persistent, no user data.
    DateTime issuedAt = DateTime.Now;
    DateTime expiresAt = DateTime.Now.AddSeconds(5);
    FormsAuthenticationTicket marker =
        new FormsAuthenticationTicket(1, "Test", issuedAt, expiresAt, false, "");

    string protectedValue = FormsAuthentication.Encrypt(marker);
    HttpCookie markerCookie = new HttpCookie("__LOGINCOOKIE__", protectedValue);
    Response.Cookies.Add(markerCookie);
}

???

???? ID: 899918 - ????? ???????: 30 ??????? 2010 - ??????: 7.0
???? ???? ???? ??:
  • Microsoft .NET Framework 1.1
??????: 
kbinfo kbhowto kbmt KB899918 KbMthi
???? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:899918

??????????? ???

 
