Login permission verification Session and Cookie usage and BasePage class usage, cookiebasepage

Login permission verification Session and Cookie usage and BasePage class usage, cookiebasepage

Recently, when I was working on an ASP. NET project, I came into contact with the logon permission module. I summarized all the knowledge and methods used for logon.

Note: The implementation result is not described here because verification code verification is relatively simple.

First, use the code generator to generate a project. Take layer-3 as an example. Then, I use the BlogUser table as an example, and then there will be a BlogUser entity class object.

The idea of login: When we log in successfully, we need to store the entity into the session. login-free is also the idea, but when we select login-free, we first log in, then, the user's id is saved to the cookie, and the user's entity is searched through the user's id, and then assigned to the session. Then the session is not empty, so login-free is enabled. So what is our BasePage? First, the BasePage contains the parent class of other pages. Users can access other pages only after login. Then we use the PageBase class and then judge it in the BasePage. If the Session is empty, if you do not log on, you will be redirected to the login page to allow users to log on to other pages.

First, the main code for foreground login:

1 BlogUserBLL bll = new BlogUserBLL (); 2 // 1. go to the database to determine whether the user name and password are correct. 3 List <BlogUser> list = bll. getModelList ("LoginName = '" + name + "' and LoginPwd = '" + md5Pwd + "'"); 4 // 2. determine whether the user set has 6 if (list. count> 0) 7 {8 // 3. save User information to session 9 Context. session ["uInfo"] = list [0]; 10 // 4. determine if the user has selected remember to log on to 11 if (! String. isNullOrWhiteSpace (remember) 12 {13 // 5. remember to save the user ID to the cookie. 14 HttpCookie cookie = new HttpCookie ("uid", list [0]. id. toString (); 15 cookie. expires = DateTime. now. addDays (3); 16 Context. response. cookies. add (cookie); 17} 18 Response. write ("<script> alert ('login successful '); window. location = 'bloglist. aspx '</script> "); 19} 20 else21 {22 Response. write ("<script> alert ('login failed, please try again '); window. location = '/Login. aspx '</script> "); 23} 24 Response. end ();

Second: PageBase classFirst, this class inherits System. web. UI. in fact, this class mainly overrides a method, which involves the lifecycle of the aspx Page and a series of pipeline events. Simply put, this is equivalent to a filter, when you request other pages (which can be accessed only after login), they all inherit from this page, and you will first determine whether you have logged on to the page. If not, then go to the login page.

Main Code

1 protected override void OnInit (EventArgs e) 2 {3 if (Session ["uInfo"] = null) 4 {5 // 1. determine whether the user selects the check box. Remember to log on for three days without logon 6 if (Request. cookies ["uid"]! = Null) 7 {8 BlogUserBLL bll = new BlogUserBLL (); 9 // 2. obtain the data entity 10 BlogUser umodel = bll through the data transferred from the cookie. getModel (int. parse (Request. cookies ["uid"]. value); 11 // 3. save the object to the session 12 Session ["uInfo"] = umodel; 13 return; 14} 15 // 4. jump to the login page 16 Response. redirect ("/Login. aspx "); 17} 18 base. onInit (e); 19}

Note: The BasePage is for the aspx page. For the ashx page, we will have another parent class, which is BaseHandler. The principle is similar and the writing method is still a little different, if you are interested, contact me and I can send it to you. If you have any questions, leave a message.

Use cookies or sessions to determine which logon method is safer

From the java perspective, there seems to be no big difference between cookie and session. session is a special usage of cookie.
When using. net, we recommend that you use session. Generally, files are not stored locally and cannot be cross-origin.
I'm not familiar with your language. Sorry.

For website background login verification, use session or cookie, or verify js directly on the page.

Generally, sessions are used.