网站建设安全要求,网站架构推荐,MIUI官方网站开发版,wordpress 代码块目录 多台服务器sessionId共享解决方案#xff1a;ASP.NET Core 参考代码(NET 7):登录处理登录#xff08;请求#xff09;过滤器过滤器使用BaseController 多台服务器sessionId共享
session id是服务器首次与浏览器创建连接时#xff0c;生成的id值#xff0c;存入浏览器… 目录 多台服务器sessionId共享解决方案ASP.NET Core 参考代码(NET 7):登录处理登录请求过滤器过滤器使用BaseController 多台服务器sessionId共享
session id是服务器首次与浏览器创建连接时生成的id值存入浏览器端cookie中值加密的下次请求时浏览器自动带上session值发送给服务器服务器根据cookie中存的session id值提取服务器存的用户信息
基于上面的原理在服务器集群中如果服务器甲与浏览器建立了连接则有个session id如果下一个请求被负载均衡器转发给服务器乙处理则服务器乙与浏览器也会建立一个新的session id因为session的cookie名称相同所以导致session id会被刷新导致一直都没有登录
解决方案
登录成功后将唯一凭据比如【用户id“#”客户端ip“#”当前时间】加密后的值作为cookie的值返回给浏览器,作为登录凭据服务器根据此用户id作为缓存key缓存值就存用户信息。 此时的cookie是可以在集群中传输的服务器可以正常的提取到登录用户的id。
ASP.NET Core 参考代码(NET 7):
登录处理
/// summary///ajax 登录处理/// /summary/// param nameaccount账号/param/// param namepassword密码/param/// returns/returnspublic async TaskIActionResult LoginDo(string account, string password){//GetCustumerIP 获取当前客户端ipvar result await userBLL.DoLoginAsync(account, password, null, GetCustumerIP); if (result.Code 200){var _cookieOptions new CookieOptions(){//Expires DateTime.Now.AddMinutes(30),HttpOnly true, /* 防御XSS攻击 */};//将用户id存入cookie //解决nginx反向代理cookie问题string loginAuthTxt result.Data.Authorize_user_id.ToString() # GetCustumerIP # DateTime.Now.AddHours(12).ToString(yyyy-MM-dd HH:mm:ss.fff);//AES加密string encryUserId AesHelpter.AESEncryptToHex(loginAuthTxt);Response.Cookies.Append(CacheKeyConfig.CookieName_loginAuth, encryUserId, _cookieOptions);}return Json(new Model.Result( result.Msg, result.Code));}
登录请求过滤器
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Web;using Microsoft.AspNetCore.Mvc;
using System.Diagnostics;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;using Microsoft.AspNetCore.Routing;
using Web_rongmeiti_sys.Handler;
using Web_rongmeiti_sys.Model;
using Newtonsoft.Json.Linq;
using Microsoft.JSInterop.Infrastructure;namespace Web_rongmeiti_sys
{/*
IAsyncAuthorizationFilter
IAuthorizationFilter AuthorizeAttribute *//// summary/// 登录验证权限验证action过滤。FunId为空只验证登录不验证权限/// /summarypublic class LoginFilter : Attribute, IAsyncAuthorizationFilter{public LoginFilter(){}public LoginFilter(string funId){FunId funId;}/// summary/// 方法标识id/// /summaryprivate string FunId { get; set; }public Task OnAuthorizationAsync(AuthorizationFilterContext context){获取登录用户id值修改时间2023-8-2 09:37:10 string? userId_encry string.Empty;context.HttpContext.Request.Cookies.TryGetValue(CacheKeyConfig.CookieName_loginAuth, out userId_encry);bool isAjax MyExceptionFilter.IsAjax(context.HttpContext.Request);if (string.IsNullOrWhiteSpace(userId_encry)){//没有登录去登录goto To_login;}//验证cookie值是否有效try{string descValue AesHelpter.AESDecryptByHex(userId_encry);if (descValue.IndexOf(#) -1){goto To_login;}string tokenIP descValue.Split(#)[1];if (!tokenIP.Equals(GetCustumerIP(context))){goto To_login;}string expireTimeStr descValue.Split(#)[2];if (!DateTime.TryParse(expireTimeStr, out DateTime expireTime) ||expireTime DateTime.Now){goto To_login;}}catch (Exception){goto To_login;}if (string.IsNullOrWhiteSpace(FunId)){return Task.CompletedTask;}To_login:if (isAjax){//无权访问//context.Result new UnauthorizedResult();context.Result new JsonResult(new { Code 500, Msg 登录失效请重新登录 }){StatusCode StatusCodes.Status401Unauthorized};return Task.CompletedTask;}//没有登录去登录context.Result new RedirectResult(/user/Login);//删除cookiecontext.HttpContext.Response.Cookies.Delete(CacheKeyConfig.CookieName_loginAuth);return Task.CompletedTask;}/// summary/// 获取访问者ip/// /summarypublic string GetCustumerIP(AuthorizationFilterContext context){var request context.HttpContext.Request;Microsoft.Extensions.Primitives.StringValues ip;//X-Real-IPnginx代理传输的客户端真实ip添加时间2023-8-2 09:42:03 if (request.Headers.TryGetValue(X-Real-IP, out ip)){return ip.ToString();}//获取访问者ipreturn context.HttpContext.Connection.RemoteIpAddress.ToString();}}}过滤器使用
public class HomeController : BaseController
{[LoginFilter]public ActionResult Index(){//当前登录用户var userLoginCurrentLoginUser;return View();}}BaseController
using Microsoft.AspNetCore.Mvc;
using Web_rongmeiti_sys.Business_Interface;
using Web_rongmeiti_sys.DAL_Interface;
using Web_rongmeiti_sys.Model;namespace Web_rongmeiti_sys.Controllers
{/// summary/// 基础控制器/// /summary/// 创建时间2023-6-26 15:44:17 public class BaseController : Controller{/// summary/// 获取访问者ip/// /summarypublic string GetCustumerIP{get{Microsoft.Extensions.Primitives.StringValues ip;//X-Real-IPnginx代理传输的客户端真实ip添加时间2023-8-2 09:42:03 if (Request.Headers.TryGetValue(X-Real-IP, out ip)){return ip.ToString();}//获取访问者ipreturn HttpContext.Connection.RemoteIpAddress.ToString();}}/// summary/// 当前登录用户/// /summarypublic Authorize_user CurrentLoginUser{get{try{获取登录用户id值 2023-8-2 09:42:53 string? userId_encry string.Empty;Request.Cookies.TryGetValue(CacheKeyConfig.CookieName_loginAuth, out userId_encry);if (string.IsNullOrEmpty(userId_encry)){throw new Exception(登录失效userId_encry );}string desc AesHelpter.AESDecryptByHex(userId_encry);string userId desc.Split(#)[0];Authorize_user? user System.Runtime.Caching.MemoryCache.Default.Get(userId) as Authorize_user;if (user null){IUserBusiness userBusiness ServicesHelpter.GetServiceIUserBusiness();long userId2 long.Parse(userId);user userBusiness.GetAsync(userId2).Result;//登录成功缓存用户,缓存12小时System.Runtime.Caching.MemoryCache.Default.Set(userId, user, DateTimeOffset.Now.AddSeconds(43200));}return user;}catch (Exception ex){throw new Exception(获取登录用户异常, ex);}}}}
}
