自动登录、记住我(保存登陆状态)实现
自動(dòng)登錄、記住我(保存登陸狀態(tài))實(shí)現(xiàn):
保存在客戶端
不能用session,可以用cookies保存
實(shí)現(xiàn)方式:
第一種方法:
可以把SessionId(GUID)放到cookies中,但
這樣為了讓用戶下次訪問我們網(wǎng)站時(shí),知道這
個(gè)sessionId對(duì)應(yīng)的是哪一個(gè)用戶,我們還要在
數(shù)據(jù)庫中建張表。
表字段:
主鍵,UserIdSessionId時(shí)間
缺點(diǎn):不能在兩臺(tái)機(jī)器上同時(shí)保存
第二種方法:
把UserId放cookies中密碼(加密)
相對(duì)于第一種方法優(yōu)點(diǎn):多臺(tái)機(jī)器可以保存
缺點(diǎn):不安全,密碼放到了客戶端。
第二種方法實(shí)現(xiàn)代碼:
頁面加載讀取Cookie判斷,正確寫入Session,轉(zhuǎn)向
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Request.Cookies["cUser"] != null && Request.Cookies["cPwd"] != null)
{
string cUser = Request.Cookies["cUser"].Value;
string cPwd = Request.Cookies["cPwd"].Value;
string sqlPwd = "";
BookShop.Model.User oneUser = bll.Exists(cUser);
if (oneUser != null)
{
#region MyRegion
//說明存在cUser
if (cPwd.Length > 2)//防止用戶修改Cookie中的密碼報(bào)錯(cuò)
{
string salt = cPwd.Substring(0, 2);
sqlPwd = oneUser.LoginPwd;
sqlPwd = Encrypt(sqlPwd, salt);
if (cPwd == sqlPwd)
{
//保存Session狀態(tài)
Session["user"] = oneUser;
//轉(zhuǎn)向
#region MyRegion
if (Request.QueryString["returnUrl"] == null)
{
//登陸成功,轉(zhuǎn)向首頁
Response.Redirect("/member/ShowMessage.aspx?returnUrl=" + Server.UrlEncode("/Default.aspx") + "&msg=" + Server.UrlEncode("自動(dòng)登陸成功") + "&txt=" + Server.UrlEncode("轉(zhuǎn)向首頁"));
}
else
{
//登陸成功,轉(zhuǎn)向上次訪問頁面
string returnUrl = Request.QueryString["returnUrl"];
Response.Redirect(returnUrl);
}
#endregion
}
}
#endregion
}
//如果Cookies出錯(cuò)...清除cookie
ClearLoginCookie();
}
}
}
//頁面登陸
protected void btnLogin_Click(object sender, ImageClickEventArgs e)
{
if (!Page.IsValid)
{
return;
}
string uid = txtLoginId.Text.Trim();
string pwd = txtLoginPwd.Text.Trim();
BookShop.Model.User oneUser;
UserManager bll = new UserManager();
bool result = bll.Login(uid, pwd, out oneUser);
if (result)
{
//保存session
Session["user"] = oneUser;
//保存Cookie狀態(tài)
if (cbAutoLogin.Checked)
{
HttpCookie cUser = new HttpCookie("cUser", uid);
HttpCookie cPwd = new HttpCookie("cPwd", Encrypt(oneUser.LoginPwd));
cUser.Expires = DateTime.Now.AddYears(10);
cPwd.Expires = DateTime.Now.AddYears(10);
Response.Cookies.Add(cUser);
Response.Cookies.Add(cPwd);
}
if (Request.QueryString["returnUrl"] == null)
{
//登陸成功,轉(zhuǎn)向首頁
Response.Redirect("/Default.aspx");
}
else
{
//登陸成功,轉(zhuǎn)向上次訪問頁面
string returnUrl = Request.QueryString["returnUrl"];
Response.Redirect("/member/ShowMessage.aspx?returnUrl=" + HttpContext.Current.Server.UrlEncode(returnUrl) + "&msg=" + Server.UrlEncode("登陸成功") + "&txt=" + Server.UrlEncode("轉(zhuǎn)向上次訪問頁面"));
}
}
else
{
//登陸失敗,提示錯(cuò)誤信息
Page.ClientScript.RegisterStartupScript(this.GetType(), Guid.NewGuid().ToString(), "alert('用戶名或密碼錯(cuò)誤!');", true);
}
}
/// <summary>
/// 對(duì)密碼進(jìn)行MD5加密
/// </summary>
/// <param name="pwd"></param>
/// <returns></returns>
protected string Encrypt(string pwd)
{
return Encrypt(pwd, null);
}
/// <summary>
/// MD5加密方法擴(kuò)展
/// </summary>
/// <param name="pwd"></param>
/// <returns></returns>
protected string Encrypt(string pwd, string salt)
{
//加密規(guī)則: salt+md5(salt+md5(pwd+"zfx"))
MD5 md5 = MD5.Create();//MD5加密方法
byte[] buffer = System.Text.Encoding.UTF8.GetBytes(pwd + "zfx");
buffer = md5.ComputeHash(buffer);
string str = "";
for (int i = 0; i < buffer.Length; i++)
{
str += buffer[i].ToString("X2");
}
if (salt == null)
{
Random r = new Random();
salt = ((char)(r.Next(65, (65 + 26)))).ToString() + ((char)(r.Next(65, (65 + 26)))).ToString();
}
str = salt + str;
str = CommenCodes.CommenCodes.Md5(str); //調(diào)用其他類庫中 MD5實(shí)現(xiàn)方法,具體實(shí)現(xiàn)見本方法之前
return (salt + str);
}
/// <summary>
/// (在服務(wù)器端)清除客戶端cookie
/// </summary>
private void ClearLoginCookie()
{
//在服務(wù)器端清除客戶端cookie
HttpCookie cUser = new HttpCookie("cUser");//新建兩個(gè)跟之前同名的cookie,用于覆蓋客戶端的cookie
HttpCookie cPwd = new HttpCookie("cPwd");
cUser.Expires = DateTime.Now.AddYears(-10);//設(shè)置過期時(shí)間為過期
cPwd.Expires = DateTime.Now.AddYears(-10);
Response.Cookies.Add(cUser);
Response.Cookies.Add(cPwd);
}
自動(dòng)登錄絕對(duì)不安全,有安全隱患
進(jìn)入網(wǎng)站后,對(duì)于關(guān)鍵步驟再次要求用戶輸入密碼
總結(jié)
以上是生活随笔為你收集整理的自动登录、记住我(保存登陆状态)实现的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 智能电视软件(免费的电视直播软件app)
- 下一篇: 连州水晶梨介绍