Session, cookie, and security support

Source: Internet
Author: User

Today, we will introduce session and cookie support in the isline. httpcontent. httpcontentprovider namespace.

This is a common component in isline framework.ProgramProvides unified cookie configuration attributes, such as Cookie encryption, whether HTTPOnly, whether HTTPS security options are enabled, and the default scope. Cookieprovider is the class in the namespace. When the class is initialized, the Web is automatically loaded. the cookie node configuration in the config file will be loaded to the entire web site after successful reading. These attributes do not need to appear in the program.

Web. comfig node configuration:

Add the following configuration between </configsections> and <appsettings>:

 

Code

  <  Isline. httpcontent. Configuration  > 

< Cookie >

< Cryptography > False </ Cryptography >

< Ishttponly > True </ Ishttponly >

< Issecure > False </ Issecure >

< Domain > Default </ Domain >

</ Cookie >

</ Isline. httpcontent. Configuration >

 

 

Add the following nodes between <configsections> and </configsections>:

<Sectiongroup name = "isline. httpcontent. Configuration">
<Section name = "cookie" type = "isline. Data. configuration. suitconfig"/>
</Sectiongroup>

Then you can use this provider in the program. In the <isline. httpcontent. configuration> in the node, cryptography indicates whether to enable cookie encryption. It has two values: True and fasle. If the value is true, when creating or updating a cookie, the provider will automatically enable isline. security. the encrypting method in the cryptography namespace is encrypted. When the cookie is read, the provider automatically enables isline. security. decrypt the decrypting method in the cryptography namespace. security. the cryptography information will be introduced later. The seed string is used for encryption and decryption. The seed is added to Web. config For Configuration:

<Add key = "isline. Security. configuration. tokenkey" value = "isline"/>

After configuration, the value of the cryptography node can be set to true. In this case, the cookie information on the hard disk is encrypted.

Ishttponly corresponds to the HTTPOnly attribute of the cookie. This attribute indicates whether the user cookie can be obtained only on the server side. If the value is true, client methods such as JavaScript and flash cannot be obtained. This requires browser support for IE6 SP1 or later versions.

Issecure corresponds to the secure attribute of the cookie. If this attribute is true, the cookie can only be transmitted through https or other security protocols, which is invalid in HTTP. Setting the secure attribute does not mean that others cannot see the Cookies stored locally on your machine. It only ensures that the data transmission process between the cookie and the Web server is encrypted, while the cookie files stored locally are not encrypted. If you want to encrypt the Cookies stored locally, set the cryptography node to true.

Domain corresponds to the domain attribute of the cookie, which specifies the cookie scope. For example, there is a site www.abc.com, and then a site similar to isline.abc.com is added. In order to achieve cookie sharing for the web site, you need to reset the cookie domain, at this time, the domain value can be set to abc.com, so that all websites based on abc.com can share cookies.

This is the convenience of cookieprovider. You only need simple configuration to manage the whole site cookie!

 

Cookieprovider also implements the capability interface, but unlike the cache class, it only implements the ibasecapability interface:

  Public ClassCookieprovider: ibasecapability

{

PublicCookieprovider ()

{

//

//Todo: add the constructor logic here

//

}

}

 

 

Ibasecapability interface content:

  Public InterfaceIbasecapability

{

BoolRemove (StringName );

BoolIsexit (StringName );

}

 

 

To use this provider for Cookie operations, you must specify a cookie name. The default cookie does not exist, which is different from the cache. You can use cookies similar to the followingCodeImplementation:

  Cookieprovider CP= NewCookieprovider ();

CP. getcontent ("name ");

Cookieprovider supports the following methods:

Method

Description

String getcontent (string cookiename)

Obtain cookie content

Bool updatecontent (string cookiename, string value)

Create or update a cookie. If the cookie does not exist, the provider automatically creates

Bool updatecontent (string cookiename, string value, datetype date, int Howlong)

Same as above. Datetype indicates the expiration time type, which can be hour or minute. Howlong indicates the specific expiration number, which can be used together with datetype to determine the specific expiration time.

Bool remove ()

Remove all cookies from the site

Bool remove (string cookieprefixname, int cookieprefixnamelength)

Delete a cookie with a certain prefix. cookieprefixname is the prefix, and cookieprefixnamelength is the prefix length (count from 1)

Bool remove (arraylist cookiename, removetype RDBMS)

Arraylist: name of a set of cookies;

Removetype has two enumerated values: removetype. removeinput indicates that the cookie in the input arraylist array is deleted, removetype. removeallexcludeinput indicates that the cookie in the input arraylist array is retained, and other cookies in the site are deleted.

Bool remove (string cookiename)

Remove the specified cookie and pass in the cookie name

Bool remove (INT cookienum)

Remove the specified cookie and pass in the cookie number

Bool isexit (string cookiename)

Determine whether the specified cookie exists and pass in the cookie name

Bool isexit (INT cookienum)

Determine whether the specified cookie exists and pass in the cookie number

 

 

The following describes the session support in the isline. httpcontent. httpcontentprovider namespace.

This component can be used to provide unified session configuration attributes for the whole site program. It is easy to use, and the sessionprovider class also implements icapability, the advantage of using this provider is that it provides programmers with the same access method as accessing the cache and cookie.

 

  Public ClassSessionprovider: icapability

{

PublicSessionprovider ()

{

//

//Todo: add the constructor logic here

//

}

}

 

 

Usage:

 

  Sessionprovider sp= NewSessionprovider ();

Sp. getcontent (sessionname );

 

Method list:

Method

Description

Object getcontent (string sessionname)

Obtains the specified session content.

Bool updatecontent (string sessionname, object value)

Creates or updates a session. If the session does not exist, the provider creates a session.

Bool remove ()

Remove all sessions under the site

Bool remove (string sessionname)

Remove a specified session

Bool isexit (string sessionname)

Determines whether a specified session exists.

 

Note the getcontent () method of sessionprovider and cookieprovider. In sessionprovider, the returned type is object, and the returned string is in cookieprovider. Because cookies are not serializable, only string-type variables can be stored in cookies. Session is serializable and session can store objects. Therefore, after you use getcontent () of sessionprovider to get the session, you also need to use the forced conversion method to obtain the required type.

Isline. httpcontent. httpcontentprovider mainly supports cache, session, and cookie. It provides programmers with unified method names and unified attributes for the entire site. If you want to change these attributes, you only need to modify the configuration file, you do not need to modify the program.

 

Next we will introduce the last namespace, isline. Security. cryptography namespace.

This namespace completes the encryption and decryption process of the string type, which is completed by the class cryptography. There are many such methods. You can use the following common methods:

Method

Description

Static string strengthencrypting (string STR, string key)

Perform secondary encryption based on the encrypting method. Des and Rijndael are used.AlgorithmAnd then move the string location according to the rules to implement encryption. This method is a strong encryption method. The parameter key is a seed

Static string strengthdecrypting (string STR, string key)

Use decryption with the strong encryption method. The parameter key is the seed, and the seed must be consistent with the seed of the strong encryption method.

Static string encrypting (string source, string key)

Encrypts an input string. The parameter key is the seed.

Static string decrypting (string source, string key)

Used in combination with encrypting. It is the decryption method, and the key is the seed. The seed must be consistent with the seed of the encrypting method.

 

User call example:

Introduce namespace:

 
  Using isline. Security. cryptography;

Code:

Code

  String  A  =  Cryptography. strengthencrypting ("encrypted content", "isline ")  // Strong Encryption  

Cryptography. strengthdecrypting (A, "isline "); // Strong encryption and decryption

String B = Cryptography. encrypting ("encrypted content", "isline ") // Common Encryption

Cryptography. Decrypting (B, "isline "); // Common encryption and decryption

 

This namespace is relatively simple to use and will not be further elaborated.

Now, all the namespaces of isline framework have been introduced. The following is an isline framework series.ArticleWill be announcedSource codeAnd configuration information, coming soon.

 

I amAicken) You are welcome to follow my next article.

 Isline framework is an open-source enterprise-level system development framework. It currently has the following series:

 

One of the isline framework series-the first intimate contact

Isline framework Series II-namespaces and contracts

Isline framework Series 3-Seven Weapons

Isline framework Series 4-dataprovider Data Access (I)

Isline framework Series 5-dataprovider Data Access (medium)

Isline framework Series 6-dataprovider Data Access (lower)

Seven isline framework series-applogprovider log framework (I)

Eight isline framework series-applogprovider log framework (II)

Isline framework Series 9-exceptionprocessprovider exception framework (I)

Ten isline framework series -- exceptionprocessprovider exception framework (II)

11 of isline framework series -- httpcontentprovider access Cache

12 of the isline framework series-use session, cookie, and security support

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.