/// <inheritdoc cref="Owasp.Esapi.Interfaces.IHttpUtilities.ChangeSessionIdentifier()" />
/// <remarks>
/// Creates a fresh session identifier for the current request and writes it to the
/// response. Only the identifier handed to the client changes here: nothing in this
/// method abandons the previous session or moves its stored state.
/// NOTE(review): confirm the previous identifier is invalidated elsewhere; if it is not,
/// it may stay usable until the session times out.
/// </remarks>
public void ChangeSessionIdentifier()
{
    HttpContext context = HttpContext.Current;
    SessionIDManager idManager = new SessionIDManager();

    // The API requires both out arguments; this method does not use either result.
    bool wasRedirected;
    bool cookieWasAdded;
    idManager.SaveSessionID(context, idManager.CreateSessionID(context), out wasRedirected, out cookieWasAdded);
}
/// <summary>
/// Abandons the current session, adds a blank session cookie to the response, and then
/// creates and saves a new session identifier.
/// </summary>
/// <returns>The newly created session identifier.</returns>
/// <remarks>
/// The cookie name is hard-coded to "ASP.NET_SessionId", the ASP.NET default. If the site
/// configures a different session cookie name, the blank cookie added here will not
/// overwrite the real one.
/// </remarks>
protected string _AbandonSession()
{
    Session.Abandon();

    HttpCookie blankedCookie = new HttpCookie("ASP.NET_SessionId", "");
    Response.Cookies.Add(blankedCookie);

    SessionIDManager idManager = new SessionIDManager();
    string freshId = idManager.CreateSessionID(System.Web.HttpContext.Current);

    // Required by the API; neither result is inspected.
    bool wasRedirected;
    bool wasCookieAdded;
    idManager.SaveSessionID(System.Web.HttpContext.Current, freshId, out wasRedirected, out wasCookieAdded);

    return freshId;
}
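/// <summary>
/// Issues a new session identifier for the current request and re-points the running
/// <c>SessionStateModule</c> at it by writing its private request fields through reflection.
/// </summary>
/// <remarks>
/// The module's private fields <c>_store</c>, <c>_rqId</c>, <c>_rqLockId</c> and
/// <c>_rqSessionStateNotFound</c> are implementation details, so this method depends on the
/// exact framework build. Everything that can fail is resolved before the new identifier is
/// written to the response, so a missing module or field leaves the client's identifier
/// untouched instead of issuing a new one that the server then never adopts.
/// NOTE(review): setting <c>_rqSessionStateNotFound</c> and <c>_rqId</c> presumably makes the
/// module store the session under the new identifier when the request ends; the visible code
/// only shows the field writes, so confirm against the framework source.
/// </remarks>
/// <exception cref="System.InvalidOperationException">
/// The "Session" module or one of the required private fields could not be found.
/// </exception>
private void RegenerateSessionId()
{
    var current = System.Web.HttpContext.Current;
    System.Web.SessionState.SessionIDManager manager = new System.Web.SessionState.SessionIDManager();
    string oldId = manager.GetSessionID(current);
    string newId = manager.CreateSessionID(current);

    // Resolve the module and its private fields first; these are read-only lookups.
    SessionStateModule ssm = current.ApplicationInstance.Modules.Get("Session") as SessionStateModule;
    if (ssm == null)
    {
        throw new System.InvalidOperationException("The \"Session\" module is not registered as a SessionStateModule.");
    }

    BindingFlags privateInstance = BindingFlags.NonPublic | BindingFlags.Instance;
    System.Type moduleType = ssm.GetType();
    System.Reflection.FieldInfo storeField = moduleType.GetField("_store", privateInstance);
    System.Reflection.FieldInfo rqIdField = moduleType.GetField("_rqId", privateInstance);
    System.Reflection.FieldInfo rqLockIdField = moduleType.GetField("_rqLockId", privateInstance);
    System.Reflection.FieldInfo rqStateNotFoundField = moduleType.GetField("_rqSessionStateNotFound", privateInstance);

    if (rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
    {
        throw new System.InvalidOperationException("SessionStateModule does not expose the expected private fields.");
    }

    SessionStateStoreProviderBase store = storeField == null
        ? null
        : (SessionStateStoreProviderBase)storeField.GetValue(ssm);

    // The store is needed only when a lock on the old identifier has to be released.
    object lockId = rqLockIdField.GetValue(ssm);
    bool mustReleaseLock = (lockId != null) && (oldId != null);
    if (mustReleaseLock && store == null)
    {
        throw new System.InvalidOperationException("The session state store could not be resolved to release the old session lock.");
    }

    // From here on the response and the module are mutated.
    bool isAdd, isRedir;
    manager.SaveSessionID(current, newId, out isRedir, out isAdd);

    if (mustReleaseLock)
    {
        store.ReleaseItemExclusive(current, oldId, lockId);
    }

    rqStateNotFoundField.SetValue(ssm, true);
    rqIdField.SetValue(ssm, newId);
}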
/// <summary>
/// On the first (non-postback) load, issues a new session identifier, focuses the user
/// field, abandons the current session, and wires an <c>onkeypress</c> handler onto both
/// input fields so that a key press can trigger the login button.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): the identifier is rotated when what appears to be the login form is first
/// rendered. Whether it is rotated again after a successful sign-in is not visible here;
/// session-fixation protection depends on that second rotation.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    System.Web.SessionState.SessionIDManager idManager = new System.Web.SessionState.SessionIDManager();
    string freshId = idManager.CreateSessionID(Context);

    // Required by the API; neither result is inspected.
    bool wasRedirected;
    bool wasCookieAdded;
    idManager.SaveSessionID(Context, freshId, out wasRedirected, out wasCookieAdded);

    this.UsuarioL.Focus();
    Session.Abandon();

    // ClientID is generated by the server, so the script fragment contains no user input.
    string submitOnKey = "return clickButton(event,'" + BtnLogin.ClientID + "')";
    UsuarioL.Attributes.Add("onkeypress", submitOnKey);
    ContrasenaL.Attributes.Add("onkeypress", submitOnKey);
}
// Page_Load guard that either seeds the session from `globle` or tears the session down.
//   1. Session["Username"] is null on a session that is not new -> redirect to Logout.aspx.
//   2. globle.UserValue is set and the session is new -> copy Username, Role and PF_Index
//      into session keys, set Location to "" and LoggedIn to "Yes".
//   3. globle.UserValue is null -> redirect to Logout.aspx.
//   4. Otherwise -> abandon and clear the session, blank/expire the ASP.NET_SessionId,
//      __AntiXsrfToken and Username cookies, add no-cache response headers, call
//      ClearCache() and FormsAuthentication.SignOut(), complete the request, and finally
//      create a new session identifier and save it to the response.
// NOTE(review): this listing is collapsed onto two lines, so it cannot be determined from
// here which of the inline `//` fragments are comments and which are live statements.
// NOTE(review): the catch block appears to hold only commented-out code, so any exception
// in the teardown path is swallowed and every later step, including the identifier
// rotation at the end, is skipped without a trace. If the Request.Cookies["Asp.net_sessionId"]
// line is live, it runs after Request.Cookies.Clear() and would presumably find nothing;
// confirm whether that lookup can return null.
// NOTE(review): `globle` is accessed like a static holder. If UserValue/Role/PF_Index are
// process-wide static state they would be shared across users; confirm against its declaration.
// NOTE(review): the cookie names are hard-coded and assume the default session cookie name.
protected void Page_Load(object sender, EventArgs e) { try { if (Session["Username"] == null && Session.IsNewSession == false) { Response.Redirect("Logout.aspx", false); return; } if (globle.UserValue != null && Session.IsNewSession == true) { Session["Username"] = globle.UserValue; Session["Role"] = globle.Role; Session["Location"] = ""; Session["PF_Index"] = globle.PF_Index; Session["LoggedIn"] = "Yes"; } else if (globle.UserValue == null) { Response.Redirect("Logout.aspx", false); return; } else { HttpContext.Current.Session.Abandon(); HttpContext.Current.Session.Clear(); Session["Username"] = null; Session.Abandon(); Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); Response.Cookies.Add(new HttpCookie("__AntiXsrfToken", "")); Request.Cookies.Clear(); HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache, no-store, must-revalidate"); HttpContext.Current.Response.AddHeader("Pragma", "no-cache"); HttpContext.Current.Response.AddHeader("Expires", "0"); Session.Abandon(); // Session Expire but cookie do exist // Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddDays(-30); //Delete the cookie Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddDays(-1); HttpContext.Current.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); Request.Cookies["Asp.net_sessionId"].Expires = DateTime.UtcNow.AddDays(-1d); Response.Cookies["Asp.net_sessionId"].Value = ""; Response.Cookies["Username"].Value = ""; Response.Cookies.Add(Request.Cookies["Username"]); Session.RemoveAll(); Session.Abandon(); Session["Username"] = null; Session.Clear(); ClearCache(); string USER = globle.UserValue; FormsAuthentication.SignOut(); Context.ApplicationInstance.CompleteRequest(); bool redirected = false; bool isAdded = false; System.Web.SessionState.SessionIDManager Manager = new System.Web.SessionState.SessionIDManager(); string NewID = Manager.CreateSessionID(Context); string OldID = Context.Session.SessionID; Manager.SaveSessionID(Context, 
NewID, out redirected, out isAdded); } } catch (Exception) { // string USER = globle.UserValue; // Dictionary<string, string> dic = ((Dictionary<string, string>)Application["Sessions"]); // ((Dictionary<string, string>)Application["Sessions"]).Remove(USER); } }
// Temporarily unused (original author's note).
/// <summary>
/// Creates a new session identifier for the current request and saves it to the response.
/// </summary>
/// <returns>The newly created session identifier.</returns>
/// <remarks>
/// Only the identifier sent to the client changes here; this method does not abandon the
/// previous session or move its state.
/// </remarks>
private string NewSessionId()
{
    SessionIDManager idManager = new SessionIDManager();
    string freshId = idManager.CreateSessionID(HttpContext.Current);

    // Required by the API; neither result is inspected.
    bool wasRedirected;
    bool wasCookieAdded;
    idManager.SaveSessionID(HttpContext.Current, freshId, out wasRedirected, out wasCookieAdded);

    return freshId;
}
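/// <summary>
/// Works around an issue where previewing a page whose code writes to Session broke all
/// subsequent page previews, regardless of content. It gives the request a new session
/// identifier and re-points the running <c>SessionStateModule</c> at it through reflection.
/// </summary>
/// <remarks>
/// The original author noted that why this helps was not understood; it fixed the issue and
/// passed testing. The module's private fields <c>_store</c>, <c>_rqId</c>, <c>_rqLockId</c>
/// and <c>_rqSessionStateNotFound</c> are implementation details, so this method depends on
/// the exact framework build. Everything that can fail is resolved before the new identifier
/// is written to the response, so a missing module or field no longer leaves the client
/// holding an identifier the server never adopted.
/// Identifier operations use <paramref name="ctx"/>, while the module is looked up through
/// <c>HttpContext.Current</c>, as in the original.
/// </remarks>
/// <param name="ctx">the Http context that will be shared between master and child process</param>
/// <exception cref="System.InvalidOperationException">
/// The "Session" module or one of the required private fields could not be found.
/// </exception>
private static void AllowChildRequestSessionAccess(HttpContext ctx)
{
    SessionIDManager manager = new SessionIDManager();
    string oldId = manager.GetSessionID(ctx);
    string newId = manager.CreateSessionID(ctx);

    // Resolve the module and its private fields first; these are read-only lookups.
    HttpApplication application = HttpContext.Current.ApplicationInstance;
    SessionStateModule ssm = application.Modules.Get("Session") as SessionStateModule;
    if (ssm == null)
    {
        throw new System.InvalidOperationException("The \"Session\" module is not registered as a SessionStateModule.");
    }

    BindingFlags privateInstance = BindingFlags.NonPublic | BindingFlags.Instance;
    System.Type moduleType = ssm.GetType();
    System.Reflection.FieldInfo storeField = moduleType.GetField("_store", privateInstance);
    System.Reflection.FieldInfo rqIdField = moduleType.GetField("_rqId", privateInstance);
    System.Reflection.FieldInfo rqLockIdField = moduleType.GetField("_rqLockId", privateInstance);
    System.Reflection.FieldInfo rqStateNotFoundField = moduleType.GetField("_rqSessionStateNotFound", privateInstance);

    if (rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
    {
        throw new System.InvalidOperationException("SessionStateModule does not expose the expected private fields.");
    }

    SessionStateStoreProviderBase store = storeField == null
        ? null
        : (SessionStateStoreProviderBase)storeField.GetValue(ssm);

    // The store is needed only when a lock on the old identifier has to be released.
    object lockId = rqLockIdField.GetValue(ssm);
    bool mustReleaseLock = (lockId != null) && (oldId != null);
    if (mustReleaseLock && store == null)
    {
        throw new System.InvalidOperationException("The session state store could not be resolved to release the old session lock.");
    }

    // From here on the response and the module are mutated.
    bool isAdd, isRedir;
    manager.SaveSessionID(ctx, newId, out isRedir, out isAdd);

    if (mustReleaseLock)
    {
        store.ReleaseItemExclusive(ctx, oldId, lockId);
    }

    rqStateNotFoundField.SetValue(ssm, true);
    rqIdField.SetValue(ssm, newId);
}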
/// <summary>
/// Saves the session state of the current request.
/// </summary>
/// <remarks>
/// Acts only when the request has a session that is new and cookie-based: the
/// "ASP.NET_SessionId" cookie is removed from the response collection and the current
/// session identifier is saved to the response again through <c>SessionIDManager</c>.
/// The cookie name is hard-coded and assumes the default session cookie name.
/// </remarks>
protected void SaveSessionState()
{
    var session = Context.Session;
    if (session == null || !session.IsNewSession || session.IsCookieless)
    {
        return;
    }

    Context.Response.Cookies.Remove("ASP.NET_SessionId");

    // Required by the API; neither result is inspected.
    bool redirected;
    bool cookieAdded;
    SessionIDManager sidMgr = new SessionIDManager();

    // The save call targets HttpContext.Current, as in the original, rather than Context.
    sidMgr.SaveSessionID(HttpContext.Current, session.SessionID, out redirected, out cookieAdded);
}