After change SessionID data in Session variables is lost

Posted chucklu


Calling "Manager.SaveSessionID" discards all data stored under the old session ID. The only way to keep the data is to move it manually. Call the function below from the login button handler:

 

...
using System;
using System.Web;
using System.Web.SessionState;
using System.Reflection;

protected void ReGenerateSessionId()
{
    // Replace the current session ID cookie with a freshly generated one.
    SessionIDManager manager = new SessionIDManager();
    string oldId = manager.GetSessionID(Context);
    string newId = manager.CreateSessionID(Context);
    bool isAdd = false, isRedir = false;
    manager.RemoveSessionID(Context);
    manager.SaveSessionID(Context, newId, out isRedir, out isAdd);

    // Read the private fields of SessionStateModule through reflection.
    // These names are internal to System.Web and are not a supported API.
    HttpApplication ctx = (HttpApplication)HttpContext.Current.ApplicationInstance;
    HttpModuleCollection mods = ctx.Modules;
    SessionStateModule ssm = (SessionStateModule)mods.Get("Session");
    FieldInfo[] fields = ssm.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance);
    SessionStateStoreProviderBase store = null;
    FieldInfo rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null;
    SessionStateStoreData rqItem = null;

    foreach (FieldInfo field in fields)
    {
        if (field.Name.Equals("_store")) store = (SessionStateStoreProviderBase)field.GetValue(ssm);
        if (field.Name.Equals("_rqId")) rqIdField = field;
        if (field.Name.Equals("_rqLockId")) rqLockIdField = field;
        if (field.Name.Equals("_rqSessionStateNotFound")) rqStateNotFoundField = field;
        if (field.Name.Equals("_rqItem")) rqItem = (SessionStateStoreData)field.GetValue(ssm);
    }

    // Fail with a clear message instead of a NullReferenceException if the fields are missing.
    if (store == null || rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
    {
        throw new InvalidOperationException("SessionStateModule private fields not found.");
    }

    // Delete the item that is still stored under the old session ID.
    object lockId = rqLockIdField.GetValue(ssm);
    if ((lockId != null) && (oldId != null))
    {
        store.RemoveItem(Context, oldId, lockId, rqItem);
    }

    // Mark the session as not yet stored and point the module at the new ID,
    // so the current items are written under newId when the request ends.
    rqStateNotFoundField.SetValue(ssm, true);
    rqIdField.SetValue(ssm, newId);
}

protected void Login_Click(object sender, EventArgs e)
{
    if (/*Login success*/)
    {
        ReGenerateSessionId(); // Change SessionID
        Session["User"] = user;
        Response.Redirect("Login_Success.aspx", true);
    }
}

 

https://www.codeproject.com/Articles/210993/Session-Fixation-vulnerability-in-ASP-NET

protected void Page_Load(object sender, EventArgs e)
{
    if (Session["LoggedIn"] != null)
    {
        lblMessage.Text = "Congratulations !, you are logged in.";
        lblMessage.ForeColor = System.Drawing.Color.Green;
        btnLogout.Visible = true;
    }
    else
    {
        lblMessage.Text = "You are not logged in.";
        lblMessage.ForeColor = System.Drawing.Color.Red;
    }
}

protected void LoginMe(object sender, EventArgs e)
{
    // Check for Username and password (hard coded for this demo)
    if (txtU.Text.Trim().Equals("u") && txtP.Text.Trim().Equals("p"))
    {
        Session["LoggedIn"] = txtU.Text.Trim();
    }
    else
    {
        lblMessage.Text = "Wrong username or password";
    }
}

protected void LogoutMe(object sender, EventArgs e)
{
    Session.Clear();
    Session.Abandon();
    Session.RemoveAll();
}
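
The demo above treats any request that carries the session ID as logged in once Session["LoggedIn"] is set, and its logout leaves the session cookie in the browser. As an added example (not code from the original page), the same three handlers can bind the login to a second random cookie issued only at login. It assumes .NET Framework 4 or later, the default ASP.NET_SessionId cookie name and the demo's markup controls; HardenedLogin, AuthToken, NewToken and IsAuthenticated are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.UI;
// Added example. Controls come from the demo's markup; class, token and helper names are assumed.
public partial class HardenedLogin : Page
{
    const string TokenName = "AuthToken";

    static string NewToken() // 256-bit random value, sent only to the browser that logged in
    {
        byte[] buf = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        return Convert.ToBase64String(buf);
    }

    bool IsAuthenticated() // session flag AND a cookie matching the session's copy
    {
        string expected = Session[TokenName] as string;
        HttpCookie cookie = Request.Cookies[TokenName];
        return Session["LoggedIn"] != null && expected != null && cookie != null
            && string.Equals(cookie.Value, expected, StringComparison.Ordinal);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        bool ok = IsAuthenticated();
        lblMessage.Text = ok ? "Congratulations !, you are logged in." : "You are not logged in.";
        btnLogout.Visible = ok;
    }

    protected void LoginMe(object sender, EventArgs e)
    {
        if (!(txtU.Text.Trim().Equals("u") && txtP.Text.Trim().Equals("p")))
        { lblMessage.Text = "Wrong username or password"; return; }
        string token = NewToken();
        Session["LoggedIn"] = txtU.Text.Trim();
        Session[TokenName] = token;
        Response.Cookies.Add(new HttpCookie(TokenName, token) { HttpOnly = true, Secure = Request.IsSecureConnection });
    }

    protected void LogoutMe(object sender, EventArgs e)
    {
        Session.Clear();
        Session.Abandon();
        foreach (string name in new[] { "ASP.NET_SessionId", TokenName }) // expire both cookies
            Response.Cookies.Add(new HttpCookie(name, "") { Expires = DateTime.UtcNow.AddYears(-1) });
    }
}
```

This check only gates the authentication decision: a fixed session ID still reaches any other data kept in Session, which the session ID regeneration shown earlier on the page addresses.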

 
