cookieless为true时,Request.Form无法获取htm表单数据的原因及解决方案

时间:2022-12-26 20:20:52

案例:index.htm----->webform1.aspx

index.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title></title>
<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</head>
<body>
<form name="test1" action="WebForm2.aspx" method="post">
 <input type="text" name="uername"><br>
 <input type="password" name="password" >
 <input type="submit" name="submit" value="提交">
</form>
</body>
</html>

 webform1.aspx

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
  <head>
    <title>WebForm2</title>
    <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
    <meta name="CODE_LANGUAGE" content="Visual Basic .NET 7.1">
    <meta name=vs_defaultClientScript content="JavaScript">
    <meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
  </head>
  <body MS_POSITIONING="GridLayout">
<%
Dim userName As String
Dim password As String
userName=Request.Form("username")
password=Request.Form("password")
Response.Write(username)
Response.Write(password)
%>

  </body>
</html>

现象:

若web.config中设置cookieless为True,则index.htm将无法将form中的数据提交给webform1.aspx

若将web.config中的cookiesless改为false,则webform1.aspx可以取得index.htm表单中的数据.

 分析:

这个问题是由一个无cookiesless id的客户端请求的标准处理流程引起的。当程序工作在cookieless模式时,若提交请求的链接中无cookiesless id,则程序将重定位页面请求到自身页面,以建立这样一个cookiesless id(也就是出现在url中的一段小括号里边的字符串),也就是在这个重定位的过程中,客户端提交的数据被丢失。所以webform1.aspx无法取得 index.htm表单中数据。

英文原文:

What is happening here is standard procedure for issuing a cookieless id to a request without one in order to start a session for the client. In the cookieless mode, when we detect that an id was not supplied in the url, we redirect the client to the same page with the new session id embedded in the url. As is happening here, the post variables are lost in the course of the redirect.

----------------------

解决办法:

1. Disable session state for the page with <%@ Page EnableSessionState=false ... %>. If it is required to associate the client with a session later, use some other correlation between this page and the next page that will do the redirect and assign a session, such as a querystring. You can store the posted data that you would normally put in the session on the server (database or file), and then pick them up later. Alternatively you can encrypt them and pass them via querystring.

2. Obtain the session id first by hitting an aspx page and having it redirect to another page with the session id stored in a querystring variable (there are many others ways to do it).

3. Disable cookieless session state for the application (this is the least desired solution here)

------------------------------

Ref:http://forums.asp.net/493348/ShowPost.aspx