I have an ASP.NET Membership application. I log in as "JONNY" and this is a success. RUPERT then (from a different PC, at a different location) clicks on the members area and he is not prompted to log in, but he sees Jonny's profile and information. It's as if Jonny clicked "Remember Me", then Rupert comes along to his SAME machine and clicks the link - here, I would expect Rupert to see Jonny's page as it's on the SAME machine and Jonny hasn't logged out. But these two people are in different locations, on different machines, different IPs etc.
How can this be?
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            // user is logged in here, we know the username is valid...
            var memberStore = new MemberStore();
            var member = memberStore.GetMemberByUsername(model.UserName);

            // but now check if they've confirmed their email
            // if not, sign the session out and show inactive account view...
            if (!member.IsActive)
            {
                FormsAuthentication.SignOut();
                return View("AccountNotActive");
            }

            string[] roleNames = Roles.GetRolesForUser(model.UserName);
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            Settings.Setting.UserSession.Member = member;

            var viewModel = new MyProfileViewModel { Member = memberStore.GetMemberByUsername(model.UserName) };
            viewModel.Role = roleNames[0];
            return View("MyProfile", viewModel);
        }

        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("", "The user name or password provided is incorrect.");
        return View(model);
    }

    public ActionResult Logout()
    {
        Settings.Setting.UserSession.Member = null;
        FormsAuthentication.SignOut();
        return View("LoggedOut");
    }
1 solution
#1
2
Writing an answer so I can show code. A possible quick fix could look something like this:
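    using System.Web;

    public static class UserSession
    {
        // The property is static, but the value lives in the current request's
        // session, so each browser session gets its own Member.
        public static SiteMember Member
        {
            get
            {
                return HttpContext.Current.Session["Member"] as SiteMember;
            }
            set
            {
                HttpContext.Current.Session["Member"] = value;
            }
        }
    }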
Static members are ok here because the implementation works on values specific to the current user's session.
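
The difference between the two designs, as an added example that is not part of the original question or answer. It assumes `Settings.Setting.UserSession.Member` was backed by a plain static field (the question does not show its definition) and simulates `HttpContext.Current.Session` with a dictionary keyed by a constructed session ID so it runs as a console program; `SharedUserSession`, `PerSessionUserSession` and `Demo` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;

class SiteMember { public string UserName; }  // constructed stand-in for the page's type

// Assumed shape of the bug: one static field for the whole application,
// so every request served by the process reads and writes the same value.
static class SharedUserSession { public static SiteMember Member; }

// Shape of the answer's fix: the static property stores nothing itself and
// resolves the value through the session of the request being served.
static class PerSessionUserSession
{
    // Simulates ASP.NET session state: one key/value bag per session ID.
    static readonly Dictionary<string, Dictionary<string, object>> Sessions =
        new Dictionary<string, Dictionary<string, object>>();

    // Simulates HttpContext.Current: identifies the current request's session.
    public static string CurrentSessionId;

    static Dictionary<string, object> Session()
    {
        Dictionary<string, object> bag;
        if (!Sessions.TryGetValue(CurrentSessionId, out bag))
            Sessions[CurrentSessionId] = bag = new Dictionary<string, object>();
        return bag;
    }

    public static SiteMember Member
    {
        get { object v; return Session().TryGetValue("Member", out v) ? v as SiteMember : null; }
        set { Session()["Member"] = value; }
    }
}

static class Demo
{
    static string Describe(SiteMember m) { return m == null ? "(none, login required)" : m.UserName; }

    static void Main()
    {
        // Request 1: JONNY logs in from his browser (constructed session ID "A").
        PerSessionUserSession.CurrentSessionId = "A";
        var jonny = new SiteMember { UserName = "JONNY" };
        SharedUserSession.Member = jonny;
        PerSessionUserSession.Member = jonny;

        // Request 2: RUPERT, on another machine with session "B", has not logged in.
        PerSessionUserSession.CurrentSessionId = "B";
        Console.WriteLine("static field:   " + Describe(SharedUserSession.Member));
        Console.WriteLine("session-backed: " + Describe(PerSessionUserSession.Member));
    }
}
```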