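I have 2 separate ASP.NET web applications. Whether I run them locally from Visual Studio or from the remote IIS server they are deployed to, they always use the same session state, even though I use separate application pools on the server.
Details are below. What am I doing wrong in my code or configuration? It seems to work fine when I use a different browser for each application.

Web application 1
a) Authentication via login form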

    Response.Cookies.Add(New HttpCookie("ASP.NET_zebs-admin_SessionId", String.Empty))
    If Not String.IsNullOrEmpty(Me.Request.QueryString("ReturnUrl")) Then
        FormsAuthentication.RedirectFromLoginPage(UserEmail, False)
    Else
        FormsAuthentication.SetAuthCookie(UserEmail, False)
        Response.Redirect(FormsAuthentication.DefaultUrl, False)
    End If

b) Session state in web.config

    <sessionState mode="InProc" timeout="30"
                  regenerateExpiredSessionId="true"
                  cookieName="ASP.NET_zebs-admin_SessionId" />

Web application 2
a) Authentication via login form

    Response.Cookies.Add(New HttpCookie("ASP.NET_Zebs_SessionId", String.Empty))
    If Not String.IsNullOrEmpty(Me.Request.QueryString("ReturnUrl")) Then
        FormsAuthentication.RedirectFromLoginPage(UserEmail, False)
    Else
        FormsAuthentication.SetAuthCookie(UserEmail, False)
        Response.Redirect(FormsAuthentication.DefaultUrl, False)
    End If

b) Session state in web.config

    <sessionState mode="InProc" timeout="30"
                  regenerateExpiredSessionId="true"
                  cookieName="ASP.NET_Zebs_SessionId" />

I want each web application to have its own separate session state.

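In my experience, this can be caused by the same MachineKey being present in the Web.Config files of the two instances of the application. Each instance of the site should have its own unique MachineKey.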

    <configuration>
      <system.web>
        <machineKey validationKey="9F22CD0D3DC702FDB7B909820B13E3409B70EF452DA45A5C94EC7A4AE229F3F2FE3A713F78580E7F1719464EC2ED4107DC46DD3BDD5B9B4DA1EDC04CB0336441" decryptionKey="4FD2EAE1C815D7E4FD59F278494F1EFE2E40246E22CB6A04EB9565D7889FEACF" validation="SHA1" decryption="AES" />
      </system.web>
    </configuration>

The above is a sample MachineKey that I generated randomly using the code below.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Text;
    using System.Threading.Tasks;

    namespace KeyGen
    {
        /// <summary>
        /// Version arguments to MachineKey.Generate() method.
        /// </summary>
        public enum MachineKeyVersion
        {
            /// <summary>
            /// .NET version 1.1.
            /// </summary>
            Net1,

            /// <summary>
            /// .NET version 2.0 and up.
            /// </summary>
            Net2,
        }

        public class MachineKey
        {
            /// <summary>
            /// Generates the contents of a machineKey element suitable for use in
            /// an ASP.NET web.config file.
            /// </summary>
            /// <param name="version">Indicates if keys should be generated for
            /// ASP.NET 1.1 or 2.0 and later.</param>
            public static string Generate(MachineKeyVersion version)
            {
                // Generate keys: 64-byte validation key, 24- or 32-byte decryption key
                string validationKey = GenerateKey(64);
                string decryptionKey;
                if (version == MachineKeyVersion.Net1)
                    decryptionKey = GenerateKey(24);
                else
                    decryptionKey = GenerateKey(32);

                // Construct <machineKey> tag
                StringBuilder builder = new StringBuilder();
                builder.Append("<machineKey");
                builder.AppendFormat(" validationKey=\"{0}\"", validationKey);
                builder.AppendFormat(" decryptionKey=\"{0}\"", decryptionKey);
                builder.Append(" validation=\"SHA1\"");
                if (version == MachineKeyVersion.Net2)
                    builder.Append(" decryption=\"AES\"");
                builder.Append(" />");
                return builder.ToString();
            }

            /// <summary>
            /// Generates a string of random hex digits of the specified
            /// number of bytes.
            /// </summary>
            /// <param name="length">Number of bytes to generate</param>
            protected static string GenerateKey(int length)
            {
                byte[] buff = new byte[length];

                // Fill the buffer from the cryptographic RNG and release the provider afterwards
                using (RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider())
                {
                    rngCsp.GetBytes(buff);
                }

                StringBuilder sb = new StringBuilder(buff.Length * 2);
                for (int i = 0; i < buff.Length; i++)
                    sb.Append(string.Format("{0:X2}", buff[i]));
                return sb.ToString();
            }
        }
    }
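
A quick way to see which of these settings two applications actually share is to compare their web.config files directly. The following is an added example, not code from the question or the answer: the class name `ConfigIsolationCheck`, the placeholder key values and the two sample configs are constructed for illustration, and only top-level `<system.web>` settings are read (no `<location>` overrides).

```csharp
using System;
using System.Collections.Generic;
using System.Xml.Linq;
using System.Xml.XPath;

public static class ConfigIsolationCheck
{
    // Element path under system.web, attribute, and the value ASP.NET uses when it is absent.
    static readonly (string Path, string Attr, string Default)[] Settings =
    {
        ("sessionState", "cookieName", "ASP.NET_SessionId"),
        ("authentication/forms", "name", ".ASPXAUTH"),
        ("machineKey", "validationKey", "AutoGenerate,IsolateApps"),
        ("machineKey", "decryptionKey", "AutoGenerate,IsolateApps"),
    };

    static string Read(XDocument cfg, string path, string attr, string fallback)
    {
        XElement el = cfg.XPathSelectElement("/configuration/system.web/" + path);
        return el?.Attribute(attr)?.Value ?? fallback;
    }

    // Returns one finding for every setting that has the same effective value in both configs.
    public static List<string> SharedSettings(string configA, string configB)
    {
        XDocument a = XDocument.Parse(configA), b = XDocument.Parse(configB);
        var findings = new List<string>();
        foreach (var s in Settings)
        {
            string va = Read(a, s.Path, s.Attr, s.Default);
            string vb = Read(b, s.Path, s.Attr, s.Default);
            // Keys marked IsolateApps are derived per application, so equal text is not a shared key.
            bool isolated = va.IndexOf("IsolateApps", StringComparison.OrdinalIgnoreCase) >= 0;
            // Case-insensitive comparison: hex keys ignore case, and it is the conservative choice for cookie names.
            if (!isolated && string.Equals(va, vb, StringComparison.OrdinalIgnoreCase))
                findings.Add($"{s.Path}/@{s.Attr} is identical in both applications: {va}");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample configs modelled on the question; the key values are placeholders.
        const string key = "<machineKey validationKey=\"PLACEHOLDER_VALIDATION_KEY\" decryptionKey=\"PLACEHOLDER_DECRYPTION_KEY\" />";
        string app1 = "<configuration><system.web><sessionState cookieName=\"ASP.NET_zebs-admin_SessionId\" />" + key + "</system.web></configuration>";
        string app2 = "<configuration><system.web><sessionState cookieName=\"ASP.NET_Zebs_SessionId\" />" + key + "</system.web></configuration>";
        foreach (string finding in SharedSettings(app1, app2))
            Console.WriteLine(finding);
    }
}
```

Keys for real deployments should be freshly generated per application; a machineKey value that has been published, such as the sample above, must not be reused.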