/// <inheritdoc  cref="Owasp.Esapi.Interfaces.IHttpUtilities.ChangeSessionIdentifier()" />
 /// <remarks>
 /// Issues a fresh ASP.NET session identifier for the current request: asks
 /// <see cref="SessionIDManager"/> for a new id and hands it back through
 /// <c>SaveSessionID</c>, which writes it to the client (cookie, or a redirect
 /// when running cookieless).
 /// NOTE(review): only the identifier the client presents next time changes.
 /// This request keeps running under the old id, no state is copied to the new
 /// id, and nothing here abandons the old session, so its data presumably stays
 /// reachable under the old id until it expires — confirm before relying on this
 /// as a complete session-fixation defence.
 /// </remarks>
 public void ChangeSessionIdentifier()
 {
     var current = HttpContext.Current;
     var idManager = new SessionIDManager();
     string freshId = idManager.CreateSessionID(current);

     // The two out values (cookieless redirect issued / cookie appended) are
     // intentionally not acted on; the interface contract is void.
     bool redirectIssued;
     bool cookieWritten;
     idManager.SaveSessionID(current, freshId, out redirectIssued, out cookieWritten);
 }
        /// <summary>
        /// Marks the current session abandoned, blanks the session cookie and issues
        /// a brand-new session id for the client's next request.
        /// </summary>
        /// <returns>The newly created session id that was written to the response.</returns>
        /// <remarks>
        /// The blank <c>ASP.NET_SessionId</c> cookie queued first is presumably
        /// superseded by the cookie <c>SaveSessionID</c> writes under the same name,
        /// so the client ends up holding the returned id.
        /// NOTE(review): the returned id has no server-side state yet, and this
        /// request still runs under the abandoned session, so anything written to
        /// <c>Session</c> after this call is lost — confirm callers expect that.
        /// </remarks>
        protected string _AbandonSession()
        {
            var current = System.Web.HttpContext.Current;

            Session.Abandon();
            Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

            SessionIDManager idManager = new SessionIDManager();
            string freshId = idManager.CreateSessionID(current);

            bool redirectIssued, cookieWritten;
            idManager.SaveSessionID(current, freshId, out redirectIssued, out cookieWritten);
            return freshId;
        }
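        /// <summary>
        /// Switches the in-flight request over to a freshly generated session id: writes
        /// the new id through <see cref="System.Web.SessionState.SessionIDManager"/>, then
        /// re-points the running <see cref="SessionStateModule"/> at it by reflection on
        /// its private per-request fields.
        /// </summary>
        /// <remarks>
        /// <c>_store</c>, <c>_rqId</c>, <c>_rqLockId</c> and <c>_rqSessionStateNotFound</c>
        /// are framework implementation details. They are now resolved and validated
        /// BEFORE anything is changed, so an unsupported framework build fails with a
        /// clear <see cref="System.InvalidOperationException"/> instead of a
        /// <c>NullReferenceException</c> thrown after the new cookie was already issued
        /// (client on the new id, module still on the old one).
        /// NOTE(review): the old session item is only unlocked via
        /// <c>ReleaseItemExclusive</c>, not removed, so its data presumably stays
        /// reachable under the old id until it expires — confirm the caller abandons it
        /// if this is meant as a session-fixation defence.
        /// </remarks>
        /// <exception cref="System.InvalidOperationException">
        /// The "Session" module is not a <see cref="SessionStateModule"/>, one of its
        /// expected private fields is missing, or its store is unset while a lock is held.
        /// </exception>
        private void RegenerateSessionId()
        {
            var httpContext = System.Web.HttpContext.Current;

            HttpApplication app = httpContext.ApplicationInstance;
            SessionStateModule ssm = app.Modules.Get("Session") as SessionStateModule;
            if (ssm == null)
            {
                throw new System.InvalidOperationException(
                    "HttpModule \"Session\" is not a SessionStateModule; cannot regenerate the session id.");
            }

            // Resolve every private member up front; nothing is mutated until all are known.
            System.Reflection.FieldInfo storeField = null, rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null;
            foreach (System.Reflection.FieldInfo field in ssm.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance))
            {
                switch (field.Name)
                {
                    case "_store":                  storeField = field;           break;
                    case "_rqId":                   rqIdField = field;            break;
                    case "_rqLockId":               rqLockIdField = field;        break;
                    case "_rqSessionStateNotFound": rqStateNotFoundField = field; break;
                }
            }
            if (storeField == null || rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
            {
                throw new System.InvalidOperationException(
                    "SessionStateModule does not expose the expected private fields (_store, _rqId, _rqLockId, _rqSessionStateNotFound); this framework version is not supported.");
            }

            System.Web.SessionState.SessionIDManager manager = new System.Web.SessionState.SessionIDManager();
            string oldId = manager.GetSessionID(httpContext);
            string newId = manager.CreateSessionID(httpContext);
            bool isAdd = false, isRedir = false;
            manager.SaveSessionID(httpContext, newId, out isRedir, out isAdd);

            // Presumably hands back the exclusive lock the module took on the old item,
            // then makes the module treat this request as having no loaded state under newId.
            object lockId = rqLockIdField.GetValue(ssm);
            if (lockId != null && oldId != null)
            {
                SessionStateStoreProviderBase store = (SessionStateStoreProviderBase)storeField.GetValue(ssm);
                if (store == null)
                {
                    // Do not include the session id in the message: it may end up in logs or error pages.
                    throw new System.InvalidOperationException(
                        "SessionStateModule holds a session lock but its store is not initialised.");
                }
                store.ReleaseItemExclusive(httpContext, oldId, lockId);
            }
            rqStateNotFoundField.SetValue(ssm, true);
            rqIdField.SetValue(ssm, newId);
        }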
    /// <summary>
    /// First (non-postback) load of what is evidently the login page: rotates the
    /// session id, abandons whatever session the browser arrived with, focuses the
    /// user-name box and wires Enter in either text box to the login button.
    /// </summary>
    /// <remarks>
    /// NOTE(review): rotating and abandoning on every GET discards any pre-login
    /// state (e.g. a return URL kept in Session) — confirm nothing relies on it.
    /// The new id only takes effect on the next request; for fixation protection
    /// the id should be rotated again once the login succeeds.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            return;
        }

        var idManager = new System.Web.SessionState.SessionIDManager();
        string rotatedId = idManager.CreateSessionID(Context);
        bool redirectIssued, cookieWritten;
        idManager.SaveSessionID(Context, rotatedId, out redirectIssued, out cookieWritten);

        UsuarioL.Focus();
        Session.Abandon();

        string submitOnEnter = "return clickButton(event,'" + BtnLogin.ClientID + "')";
        UsuarioL.Attributes.Add("onkeypress", submitOnEnter);
        ContrasenaL.Attributes.Add("onkeypress", submitOnEnter);
    }
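    /// <summary>
    /// Reconciles the ASP.NET session with the identity held in <c>globle</c>:
    /// bounces sessions that lost their user to Logout.aspx, seeds a new session from
    /// <c>globle</c>, and otherwise tears the current login down.
    /// </summary>
    /// <remarks>
    /// Branches, in order:
    /// 1. existing session without "Username" → redirect to Logout.aspx;
    /// 2. new session and <c>globle.UserValue</c> set → copy user, role, PF index into Session;
    /// 3. <c>globle.UserValue</c> null → redirect to Logout.aspx;
    /// 4. otherwise → full logout: abandon the session, revoke the Forms Authentication
    ///    ticket, expire the client cookies, mark the response non-cacheable and issue a
    ///    fresh session id.
    /// Fix: the logout branch used to call <c>Request.Cookies.Clear()</c> and then
    /// dereference <c>Request.Cookies["Asp.net_sessionId"]</c>; the request collection's
    /// indexer returns null for a missing name, so that line threw, the catch below
    /// swallowed it, and <c>FormsAuthentication.SignOut()</c>, <c>ClearCache()</c> and the
    /// session-id regeneration never ran — the user kept a valid auth ticket. The
    /// revocation calls now run first and the cookie cleanup never reads Request.Cookies.
    /// NOTE(review): <c>globle</c> is used without an instance; if it is a static,
    /// application-wide holder of "the current user", it is shared by all concurrent
    /// requests and can hand one user's identity to another — confirm.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            if (Session["Username"] == null && Session.IsNewSession == false)
            {
                Response.Redirect("Logout.aspx", false);
                return;
            }

            if (globle.UserValue != null && Session.IsNewSession == true)
            {
                Session["Username"] = globle.UserValue;
                Session["Role"]     = globle.Role;
                Session["Location"] = "";
                Session["PF_Index"] = globle.PF_Index;
                Session["LoggedIn"] = "Yes";
            }
            else if (globle.UserValue == null)
            {
                Response.Redirect("Logout.aspx", false);
                return;
            }
            else
            {
                // Revoke first: if anything further down throws, the user is still logged out.
                Session.Clear();
                Session.Abandon();
                FormsAuthentication.SignOut();

                // Keep the logged-out response out of browser and proxy caches.
                Response.AddHeader("Cache-Control", "no-cache, no-store, must-revalidate");
                Response.AddHeader("Pragma", "no-cache");
                Response.AddHeader("Expires", "0");

                // Replace the client-side cookies with empty, already-expired values.
                ExpireResponseCookie("ASP.NET_SessionId");
                ExpireResponseCookie("__AntiXsrfToken");
                ExpireResponseCookie("Username");

                ClearCache();

                Context.ApplicationInstance.CompleteRequest();

                // Hand the browser a fresh session id so the old one is not reused; this
                // supersedes the expired ASP.NET_SessionId cookie queued above.
                var idManager = new System.Web.SessionState.SessionIDManager();
                string newId = idManager.CreateSessionID(Context);
                bool redirected, isAdded;
                idManager.SaveSessionID(Context, newId, out redirected, out isAdded);
            }
        }
        catch (Exception ex)
        {
            // Best effort: do not break page rendering, but leave a trace so a failed
            // teardown is not silent. The revocation calls above run before anything
            // that is likely to throw.
            Context.Trace.Warn("Session", "Page_Load session handling failed", ex);
        }
    }

    /// <summary>
    /// Queues cookie <paramref name="name"/> in the response with an empty value and a
    /// past expiry so the browser discards it. Never touches Request.Cookies.
    /// </summary>
    /// <param name="name">Name of the cookie to expire.</param>
    private void ExpireResponseCookie(string name)
    {
        HttpCookie expired = new HttpCookie(name, "");
        expired.Expires = DateTime.UtcNow.AddDays(-1);
        Response.Cookies.Add(expired);
    }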
 // Temporarily unused (original note: "tymczasowo nieużywana").
 /// <summary>
 /// Generates a new session id, writes it to the response for the client's next
 /// request and returns it.
 /// </summary>
 /// <returns>The newly created session id.</returns>
 /// <remarks>
 /// NOTE(review): only the client-side identifier changes; this request keeps
 /// running under the current session and nothing here abandons or copies it.
 /// </remarks>
 private string NewSessionId()
 {
     var current = HttpContext.Current;
     var idManager = new SessionIDManager();
     string issuedId = idManager.CreateSessionID(current);

     bool redirectIssued, cookieWritten;
     idManager.SaveSessionID(current, issuedId, out redirectIssued, out cookieWritten);
     return issuedId;
 }
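        /// <summary>
        /// Works around page previews breaking after a preview wrote to Session: issues
        /// a new session id on <paramref name="ctx"/>, then re-points the running
        /// <see cref="SessionStateModule"/> at it by reflection on its private per-request
        /// fields. The original author recorded that the exact mechanism is not understood
        /// and that the change was kept because it fixed the issue and passed testing.
        /// </summary>
        /// <param name="ctx">the Http context that will be shared between master and child process</param>
        /// <remarks>
        /// The private fields (<c>_store</c>, <c>_rqId</c>, <c>_rqLockId</c>,
        /// <c>_rqSessionStateNotFound</c>) are resolved and validated BEFORE the new id is
        /// written, so an unsupported framework build fails with
        /// <see cref="System.InvalidOperationException"/> instead of a
        /// <c>NullReferenceException</c> after the cookie/redirect has already gone out.
        /// NOTE(review): the module is taken from <c>HttpContext.Current</c> while the id is
        /// written to <paramref name="ctx"/>; if those ever differ (child request) the two
        /// halves act on different requests — confirm they are the same context here.
        /// NOTE(review): the old item is only unlocked, not removed; its state presumably
        /// stays reachable under the old id until it expires.
        /// </remarks>
        /// <exception cref="System.InvalidOperationException">
        /// The "Session" module is not a <see cref="SessionStateModule"/>, one of its
        /// expected private fields is missing, or its store is unset while a lock is held.
        /// </exception>
        private static void AllowChildRequestSessionAccess(HttpContext ctx)
        {
            HttpApplication app = (HttpApplication)HttpContext.Current.ApplicationInstance;
            SessionStateModule ssm = app.Modules.Get("Session") as SessionStateModule;
            if (ssm == null)
            {
                throw new System.InvalidOperationException(
                    "HttpModule \"Session\" is not a SessionStateModule; cannot switch the session id.");
            }

            // Resolve every private member up front; nothing is mutated until all are known.
            System.Reflection.FieldInfo storeField = null, rqIdField = null, rqLockIdField = null, rqStateNotFoundField = null;
            foreach (System.Reflection.FieldInfo field in ssm.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance))
            {
                switch (field.Name)
                {
                    case "_store":                  storeField = field;           break;
                    case "_rqId":                   rqIdField = field;            break;
                    case "_rqLockId":               rqLockIdField = field;        break;
                    case "_rqSessionStateNotFound": rqStateNotFoundField = field; break;
                }
            }
            if (storeField == null || rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
            {
                throw new System.InvalidOperationException(
                    "SessionStateModule does not expose the expected private fields (_store, _rqId, _rqLockId, _rqSessionStateNotFound); this framework version is not supported.");
            }

            SessionIDManager manager = new SessionIDManager();
            string oldId = manager.GetSessionID(ctx);
            string newId = manager.CreateSessionID(ctx);
            bool isAdd = false, isRedir = false;
            manager.SaveSessionID(ctx, newId, out isRedir, out isAdd);

            // Presumably hands back the exclusive lock the module took on the old item,
            // then makes the module treat this request as having no loaded state under newId.
            object lockId = rqLockIdField.GetValue(ssm);
            if (lockId != null && oldId != null)
            {
                SessionStateStoreProviderBase store = (SessionStateStoreProviderBase)storeField.GetValue(ssm);
                if (store == null)
                {
                    // Do not include the session id in the message: it may end up in logs or error pages.
                    throw new System.InvalidOperationException(
                        "SessionStateModule holds a session lock but its store is not initialised.");
                }
                store.ReleaseItemExclusive(ctx, oldId, lockId);
            }
            rqStateNotFoundField.SetValue(ssm, true);
            rqIdField.SetValue(ssm, newId);
        }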
 /// <summary>
 /// Persists the session id of the current request: for a brand-new, cookie-based
 /// session it drops any queued ASP.NET_SessionId cookie and re-writes the current
 /// <c>Session.SessionID</c> through <c>SessionIDManager.SaveSessionID</c>.
 /// (Original summary: "save the session state of the current request".)
 /// </summary>
 /// <remarks>
 /// No-op when there is no session, the session is not new, or the app runs
 /// cookieless. NOTE(review): the id written is whatever <c>Session.SessionID</c>
 /// already holds; nothing here checks that it was generated server-side rather
 /// than presented by the client, so do not rely on this as fixation protection —
 /// rotate the id at authentication instead.
 /// </remarks>
 protected void SaveSessionState()
 {
     var session = Context.Session;
     bool freshCookieSession = session != null && session.IsNewSession && !session.IsCookieless;
     if (!freshCookieSession)
     {
         return;
     }

     Context.Response.Cookies.Remove("ASP.NET_SessionId");
     SessionIDManager idManager = new SessionIDManager();
     bool redirectIssued, cookieWritten;
     idManager.SaveSessionID(HttpContext.Current, session.SessionID, out redirectIssued, out cookieWritten);
 }