Session.Abandon(); Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
, Cookie 。 Cookie。
, Cookie( )。 , Cookie。 (login.aspx) ID, Cookie 。 , Cookie 。 , 。 Cookie “Response.Redirect” 。 Cookie ASP.NET_SessionId , Cookie , “Response.Redirect” 。 。
, Cookie , 。 , ASP.NET Cookie Cookie , “FormsAuthentication” Cookie 。 , 5 。
private void Page_Load(object sender, System.EventArgs e)
{
if( !IsPostBack &&
( Request.Cookies["__LOGINCOOKIE__"] == null ||
Request.Cookies["__LOGINCOOKIE__"].Value == "" ) )
{
//At this point, we do not know if the session ID that we have is a new
//session ID or if the session ID was passed by the client.
//Update the session ID.
Session.Abandon();
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
//To make sure that the client clears the session ID cookie, respond to the client to tell
//it that we have responded. To do this, set another cookie.
AddRedirCookie();
Response.Redirect( Request.Path );
}
//Make sure that someone is not trying to spoof.
try
{
FormsAuthenticationTicket ticket =
FormsAuthentication.Decrypt( Request.Cookies["__LOGINCOOKIE__"].Value );
if( ticket == null || ticket.Expired == true )
throw new Exception();
RemoveRedirCookie();
}
catch
{
//If someone is trying to spoof, do it again.
AddRedirCookie();
Response.Redirect( Request.Path );
}
Response.Write("Session.SessionID="+Session.SessionID+"<br/>");
Response.Write("Cookie ASP.NET_SessionId="+Request.Cookies["ASP.NET_SessionId"].Value+"<br/>");
}
private void RemoveRedirCookie()
{
Response.Cookies.Add(new HttpCookie("__LOGINCOOKIE__", ""));
}
private void AddRedirCookie()
{
FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1,"Test",DateTime.Now,DateTime.Now.AddSeconds(5), false,"");
string encryptedText = FormsAuthentication.Encrypt( ticket );
Response.Cookies.Add( new HttpCookie( "__LOGINCOOKIE__", encryptedText ) );
}
:Session.Abandon(); Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
Session.Abandon(); Session.clear(); ,
Session.Abandon , Session_End (InProc )。
Session_Start 。
Session.Clear Session Session, 。
Session.Abandon() , clear()