Asp. NET Tutorial: Form to verify user logon cookies

Do user login, I always use form to verify the way. Sometimes, in order to save time, users want the user name input box to remember the user name, so that the next time to re-enter. This is not a good time to use form validation, because form validation, the user quit the system is invalid, so need to use cookies.

I thought it would be easy to do this, but it took a lot of time and did not succeed. Although the user name and password are verified to be correct, the system always refuses to log on and then returns to the login page. Login page User name input box is to remember the user name, but the user name is garbled.

It's so depressing! Once thought the system had been in disorder, restarting the machine is still useless. Repeated checks and tests have found that if you write cookies before form validation, you will refuse to log in. It may be that asp.net, for security reasons, found a cookie that was the same as the from identity, but it was not explicitly prompted.

The solution to this problem is to verify the login and then write the username into the cookie, which will be successful.

The following are the referenced contents: System.Web.Security.FormsAuthentication.SetAuthCookie (username.text,false)//Login ... Write user name to cookies response.cookies["RememberMe"]. Value = Httputility.urlencode (Username.text, System.Text.Encoding.GetEncoding ("gb2312")); response.cookies["RememberMe"]. Expires = DateTime.Now.AddMonths (1);

As for the user name of the input box is displayed as garbled because it is stored in Chinese username, when writing characters to cookies, if you do not do any processing will produce garbled. The workaround is to use URL encoding when writing, and the encoding format needs to be in Chinese format, as shown in the red code above. When you get the value of cookies, do the appropriate decoding:

The following are the referenced contents: Username.text = Httputility.urldecode (request.cookies["RememberMe"). Value, System.Text.Encoding.GetEncoding ("gb2312"));

Another problem is the deletion of Cookies, previously thought to be Response.Cookies.Remove ("RememberMe") can be removed, but that is no effect. The Remove method, which originally called the cookie collection, removes the cookie from the server-side collection so that the cookie is not sent to the client. However, if a Cookie already exists on the client, the method cannot be removed from the client. The workaround is to set the expiration date of the cookie to a previous date, allowing the user's browser to delete the cookie:

The following are the referenced contents: if (response.cookies["rememberme"]!= null) response.cookies["RememberMe"]. Expires = DateTime.Now.AddDays (-1);//delete

The final problem is that cookies created by the browser process (that is, close the browser will automatically empty), the creation method is quite simple, do not set the Expires property is the default browser process cookies.

The code at the end of the key section is attached:

The following are the referenced contents: System.Web.Security.FormsAuthentication.SetAuthCookie (Username.text,false);//login, be sure to verify first if (rememberme.checked)//Then write cookie { if (request.cookies["rememberme"] = = null) { response.cookies["RememberMe"]. Value = Httputility.urlencode (Username.text, System.Text.Encoding.GetEncoding ("gb2312")); response.cookies["RememberMe"]. Expires = DateTime.Now.AddMonths (1); } } Else { if (response.cookies["rememberme"]!= null) response.cookies["RememberMe"]. Expires = DateTime.Now.AddDays (-1);//delete }

When reading the value of cookies:

The following are the referenced contents: if (! IsPostBack) { if (request.cookies["rememberme"]!= null) { Username.text = Httputility.urldecode (request.cookies["RememberMe"). Value, System.Text.Encoding.GetEncoding ("gb2312")); Rememberme.checked = true; } }

To sum up:

1. Write a validation of the same username with form to the cookies, you should first verify after writing cookies, otherwise there will be conflicts, resulting in validation can not pass.

2. The correct way to delete cookies is to set the date of the existing cookie to a date earlier than the current time, and using Cookies.remove is ineffective.

3. Create the browser process cookies, do not set the Expires property on the line, so that the browser will be closed automatically emptied

4.cookies value is the best time to use gb2312 encoding, so as to avoid the production of garbled characters.