Asp. netsession
This article describes how to prevent malicious refreshing Cookies and sessions on the asp.net website. It is a very practical technique in WEB programming. Share it with you for your reference. The specific implementation method is as follows:
Session implementation method:
Public double time; public const int freetime = 1; // anti-freezing interval, currently 1 second # region Anti-malicious refresh if (Session. sessionID = null) {Response. end ();} else if (Session ["sionid"] = null) {Session ["sionid"] = Session. sessionID;} if (Session ["last"] = null) {Session ["last"] = DateTime. now;} else {DateTime thisTime = DateTime. now; DateTime lastTime = DateTime. parse (Session ["last"]. toString (); if (Session. sessionID = Session ["sionid"]. toString () Session ["last"] = thisTime; TimeSpan ts = thisTime-lastTime; time = ts. totalMilliseconds; if (time <freetime * 500) {warm_prompt () ;}# endregionpublic void warm_prompt () {Response. write ("<table width = '000000' border = '0' align = 'center' cellpadding = '3' cellspacing = '2' bgcolor = '#778 'style = 'font -size: 14px; '> "); Response. write ("<tr bgcolor = '# ffff'>"); Response. write ("<td> </td>"); Response. write ("<td bgcolor = '# EEFFEE' to ensure your access security, please" + freetime + "seconds later <a href = '" + Request. rawUrl + "'target = '_ self' style = 'color: # FF0000; '> click here to refresh </a> This page </td>"); Response. write ("</tr>"); Response. write ("</table>"); Response. end ();}
Cookies:
Public double time; public const int freetime = 2; # region Anti-malicious refresh string page; if (Request. cookies ["page"] = null) {page = "";} else {page = HttpContext. current. request. cookies ["page"]. value. toString (); // obtain the url value stored in the cookie} string strThisPage = HttpContext. current. request. url. pathAndQuery. toString (); // get the current page address DateTime LastTime = DateTime. now; if (page. equals (strThisPage) // If the cookie value is the same as the current page, it indicates a refresh operation {Ti MeSpan ts = LastTime-DateTime. parse (HttpContext. current. request. cookies ["time"]. value. toString (); time = ts. seconds; if (time <freetime) {warm_prompt () ;}} else {// execute the Response operation. cookies ["page"]. value = strThisPage; Response. cookies ["time"]. value = LastTime. toString () ;}# endregionpublic void warm_prompt () {Response. write ("<table width = '000000' border = '0' align = 'center' cellpadding = '3' cellspacing =' 2 'bgcolor = '#009900 'style = 'font-size: 14px;'> "); Response. write ("<tr bgcolor = '# ffff'>"); Response. write ("<td> </td>"); Response. write ("<td bgcolor = '# EEFFEE' to ensure your access security, the page will automatically jump to the content you want to access in 2 seconds! </Td> "); Response. write ("</tr>"); Response. write ("</table>"); Response. write ("<meta http-equiv = \" refresh \ "content = \" 2 \ "; URL =" + HttpContext. current. request. cookies ["page"]. value. toString () + ">"); Response. end ();}
I believe this article has some reference value for your asp.net program design.
How does aspnet handle query errors when the Session is empty?
If (Session ["theName"] = null)
{
//....
}
//////////////////
If (Request. Cookies ["theCName"] = null)
{
//....
}
How does aspnet prevent Session loss?
I store both cookies and sessions at the same time. Once the session is null, the values will go to the cookie.
The session is very unstable, and it is useless to set the time. It can only be used for instantaneous value transfer between pages. It must be used as a database.