During a Web API project, my manager required that the verification code be implemented on the back end and then displayed by the front-end web page and the app, so I could only bite the bullet and do it. The back-end process is roughly this: automatically generate a random number or string of 4 characters, store it in HttpContext.Current.Session, and send it to the front-end web page or the app at login. When the front-end page or the app passes the code back, the back end compares it with the value in HttpContext.Current.Session to check that it is correct. How the code is displayed is controlled by the front end or the app.

During implementation the web page had no problem, but the app had one that gave me a headache. After each request for the code from the app, the value of HttpContext.Current.Session.SessionID changed, which is not what I wanted, because once the SessionID changes, the code stored in Session is lost. After debugging several times, I finally found the problem.

Here is my personal understanding. Each time the front-end page or the app calls the interface, the back end checks whether the SessionID is empty. If it is empty, it generates a default SessionID and, when returning the Response, stores that SessionID in a cookie and returns it to the requesting party. The expiration time of this default cookie is 20 minutes after the time of the response. In my implementation, however, the cookie's expiration time was always eight hours behind the current Beijing time, that is, it was UTC time. The front-end page has no logic that checks the cookie, so requesting the verification code from the page was never a problem. The app does check the cookie's expiration time, so after every request the cookie was already expired, and every request got a new SessionID.

The fix is to not use the auto-generated cookie when the back end returns: before returning the Response, generate the cookie yourself, store the SessionID in it, and set the cookie's expiration time to the correct time. That is roughly the idea. I hope readers will forgive anything that is wrong or unclear, and I am happy to exchange ideas. The code follows.
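Generating and storing the verification code:

    [HttpGet]
    public IHttpActionResult GetVerificationCode(int length = 4)
    {
        if (CodeCreater.CreateCode(length, out string code))
        {
            // Keep the code server-side in the session for the later comparison.
            HttpContext.Current.Session.Add("VerificationCode", code);

            // Re-issue the session cookie ourselves so that we control its expiry.
            HttpCookie sessionCookie = new HttpCookie("ASP.NET_SessionId")
            {
                Value = HttpContext.Current.Session.SessionID,
                // Now + 8 hours (the Beijing/UTC offset) + 30 minutes.
                Expires = DateTime.Now.AddHours(8).AddMinutes(30),
                // The framework's own session cookie is HttpOnly; keep that when re-issuing it.
                HttpOnly = true
            };
            HttpContext.Current.Response.Cookies.Add(sessionCookie);
            return Json(new { result = true, data = code });
        }
        else
        {
            // msg: "An error occurred"
            return Json(new { result = false, msg = "出现错误" });
        }
    }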
Checking that the submitted verification code is correct:

    if (userModel.VerificationCode == null)
    {
        // msg: "The verification code must not be empty"
        return Json(new { result = false, msg = "验证码不能为空" });
    }
    // The session entry is missing when the session was lost or has expired, so guard against null.
    var expected = HttpContext.Current.Session["VerificationCode"] as string;
    if (expected == null ||
        !string.Equals(userModel.VerificationCode, expected, StringComparison.OrdinalIgnoreCase))
    {
        return Json(new { result = false, msg = "Incorrect verification code" });
    }
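The following console program is an added illustration, not code from the original post. It compares how long the session cookie appears to live for a client that reads the expires attribute as GMT and for one that reads it as local time, both for the default 20-minute expiry and for the +8 h 30 min value used above. It assumes the app reads the timestamp as UTC+8 wall-clock time; the class name, method names and sample instant are hypothetical.

```csharp
using System;
using System.Globalization;

static class CookieExpiryDemo
{
    // A Set-Cookie "expires=" attribute always carries the instant in GMT.
    static string ToExpiresAttribute(DateTimeOffset expiry) =>
        expiry.UtcDateTime.ToString("R", CultureInfo.InvariantCulture);

    // Parse the attribute's digits without attaching any time zone yet.
    static DateTime ParseWallClock(string expires) =>
        DateTime.SpecifyKind(
            DateTime.ParseExact(expires, "R", CultureInfo.InvariantCulture),
            DateTimeKind.Unspecified);

    // Correct client: the digits are GMT (offset zero).
    static TimeSpan LifetimeForGmtAwareClient(string expires, DateTimeOffset now) =>
        new DateTimeOffset(ParseWallClock(expires), TimeSpan.Zero) - now;

    // Assumed faulty client: the same digits taken as local wall-clock time.
    static TimeSpan LifetimeForLocalTimeClient(string expires, DateTimeOffset now, TimeSpan offset) =>
        new DateTimeOffset(ParseWallClock(expires), offset) - now;

    static void Report(string label, DateTimeOffset expiry, DateTimeOffset now, TimeSpan offset)
    {
        string attr = ToExpiresAttribute(expiry);
        Console.WriteLine($"{label}: expires={attr}");
        Console.WriteLine($"  GMT-aware client : {LifetimeForGmtAwareClient(attr, now)}");
        Console.WriteLine($"  local-time client: {LifetimeForLocalTimeClient(attr, now, offset)}");
    }

    static void Main()
    {
        TimeSpan beijing = TimeSpan.FromHours(8);
        // Constructed sample instant: 2024-01-01 12:00 Beijing time.
        var now = new DateTimeOffset(2024, 1, 1, 12, 0, 0, beijing);

        Report("default 20 min", now.AddMinutes(20), now, beijing);
        Report("post's +8 h 30 min", now.AddHours(8).AddMinutes(30), now, beijing);
    }
}
```

A negative lifetime means the client treats the cookie as already expired and drops it, which matches the changing SessionID described above. The same run also shows that a GMT-aware client such as a browser keeps the re-issued session cookie for the full eight and a half hours, so the server-side session timeout remains the effective limit on the verification code.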