我在登陆时,把用户名和角色保存在cookie里面;在注销时把cookie里面的值给清空了,但我下次浏览页面时,不用登陆也能进到管理员页面里,什么原因???登陆页面代码:#region "登陆"
protected void btnlogin_Click(object sender, EventArgs e)
{
HttpCookie userId = new HttpCookie("loginId");
//HttpCookie userPwd = new HttpCookie("loginPwd");
HttpCookie roleId = new HttpCookie("roleId");
string name= txtUserName.Text.Trim();
string pwd = txtPwd.Text.Trim();
string roles = ddlselect.SelectedValue;
int result = SEC_USERManager.GetLoginByIdPwd(name, pwd);
if (result>0)
{
userId.Value = name;
//userPwd.Value = pwd;
roleId.Value = roles;
//设置过期时间
userId.Expires = DateTime.Now.AddDays(1);
//userPwd.Expires = DateTime.Now.AddMinutes(1);
roleId.Expires = DateTime.Now.AddDays(7); Response.Cookies.Add(userId);
//Response.Cookies.Add(userPwd);
Response.Cookies.Add(roleId); Response.Redirect("Main.aspx");
}
else
{
Response.Write("请重新登陆");
return;
}
}
#endregion
注销按钮代码:#region "注销"
protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
{
Request.Cookies["loginId"].Value = null;
Request.Cookies["roleId"].Value = null;
ClientScript.RegisterStartupScript(GetType(), "", "<script>javascript:window.parent.location='LoginSys.aspx'</script>");
}
#endregion
ASP.NETCookieCookie清空Cookie过期时间
protected void btnlogin_Click(object sender, EventArgs e)
{
HttpCookie userId = new HttpCookie("loginId");
//HttpCookie userPwd = new HttpCookie("loginPwd");
HttpCookie roleId = new HttpCookie("roleId");
string name= txtUserName.Text.Trim();
string pwd = txtPwd.Text.Trim();
string roles = ddlselect.SelectedValue;
int result = SEC_USERManager.GetLoginByIdPwd(name, pwd);
if (result>0)
{
userId.Value = name;
//userPwd.Value = pwd;
roleId.Value = roles;
//设置过期时间
userId.Expires = DateTime.Now.AddDays(1);
//userPwd.Expires = DateTime.Now.AddMinutes(1);
roleId.Expires = DateTime.Now.AddDays(7); Response.Cookies.Add(userId);
//Response.Cookies.Add(userPwd);
Response.Cookies.Add(roleId); Response.Redirect("Main.aspx");
}
else
{
Response.Write("请重新登陆");
return;
}
}
#endregion
注销按钮代码:#region "注销"
protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
{
Request.Cookies["loginId"].Value = null;
Request.Cookies["roleId"].Value = null;
ClientScript.RegisterStartupScript(GetType(), "", "<script>javascript:window.parent.location='LoginSys.aspx'</script>");
}
#endregion
ASP.NETCookieCookie清空Cookie过期时间
userId.Expires = DateTime.Now.AddDays(1);
//userPwd.Expires = DateTime.Now.AddMinutes(1);
roleId.Expires = DateTime.Now.AddDays(7); 设置了有效期
roleId.Expires 这个7天后过期,元方,你怎么看
roleId.Expires = DateTime.Now.AddDays(-1);
protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
{
if (Request.Cookies["loginId"]!=null)
{
HttpCookie cookie = new HttpCookie("loginId");
cookie.Expires = DateTime.Now.AddDays(-1);
}
if (Request.Cookies["loginId"] != null)
{
HttpCookie cookie = new HttpCookie("roleId");
cookie.Expires = DateTime.Now.AddDays(-1);
}
//Request.Cookies["loginId"].Value = null;
//Request.Cookies["roleId"].Value= null;
ClientScript.RegisterStartupScript(GetType(), "", "<script>javascript:window.parent.location='LoginSys.aspx'</script>");
}
#endregion
在注销页面我把cookie设为过期;如果在我退出程序时,把cookie的值为null这两种种方法使页面转到“登陆”,这两种方法有什么不同???
这样:
HttpCookie cookie = new HttpCookie("MyCookieName", null);
cookie.Expires = new DateTime(1900, 1, 1);
Response.Cookies.Add(cookie);
紧紧是在服务器端修改了内存中抽象的cookie对象的过期时间有毛用啊
cookie是保存在本地电脑上,
.net并没有直接操纵客户端上cookie的能力
再次请求该域名时,浏览器将cookie一并发送出来,
.net处理后将cookie返回,
浏览器根据返回的cookie更新本地保存的cookie
你将cookie.value设为null,只是更新了cookie的值,估计应该是""吧,但cookie仍然存在,也没有过期,下次还会再次发送,.net还能获取cookie名,自然不会为null
你要注销,只需让.net返回一个过期时间小于当前时间的cookie去覆盖之前本地的cookie
这样,下次请求时浏览器判断cookie过期了,自然不会再发送,.net获取到的cookie就是null了
少写一句话Response.Cookies.Add(cookie);谢谢各位的帮忙