In webapithe development process, the leaders of code required to achieve the background and then the front page and app showcase. But can only bite the bullet on. Probably the background process is the automatic generation of a random number or string 4, stored HttpContext.Current.Session, and then transmitted to the rear end of the front end of a web page or landing app, the rear end by comparing HttpContext.Current.Sessionto compare the value of this code is correct pass over, passed or web front end app, and then exhibits controlled by app distal or format. In the process of implementation. Page not found the problem, but the app has a problem with a headache. After each app request the code, HttpContext.Current.Session.SessionIDthe value will change, which I do not want to see. Because SessionIdof the change in value once, Sessionthe code will be lost. Into the FBI several times, finally we found the issues. Here is my personal understanding: each time the front page or app request interface, back-end checks SessionIDis empty, if empty, it will generate a default SessionID, and then return Responsetime, the default sessionIDvalue of a deposit to cookiethe and return to the requesting party, this is generated by default cookieexpiration time is 20 minutes after the return time, but in my implementation, the cookieexpiration time is always now Beijing later than eight hours, which is the UTCtime, because the front page and no judgment cookielogic, so the front page request verification code when and what is not a problem, but when it will request the judge app cookieexpiration time, so after each request cookieis expired, so every time a request is new the SessionID, which need time returned by the backend, without the use of auto-generated cookiereturns Responsebefore, generates its own cookie, and the SessionIDdeposit into, and theCookieExpiration time is set to the correct time. Realization of ideas is probably the case, that's not good or not clear bigwigs also hope forgive me, there can be a lot of ideas exchange, attach the following codes:
Implement authentication code generated and stored:
[HttpGet]
public IHttpActionResult GetVerificationCode(int length=4)
{
if (CodeCreater.CreateCode(length,out string code))
{
HttpContext.Current.Session.Add("VerificationCode", code);
HttpCookie sessionCookie = new HttpCookie("ASP.NET_SessionId")
{
Value = HttpContext.Current.Session.SessionID,
Expires = DateTime.Now.AddHours(8).AddMinutes(30)
};
HttpContext.Current.Response.Cookies.Add(sessionCookie);
return Json(new { result = true, data = code });
}
else
{
return Json(new { result = false, msg = "出现错误" });
}
}
Check verification code is correct code:
if (userModel.VerificationCode == null)
{
return Json(new { result = false, msg = "验证码不能为空" });
}
var test = HttpContext.Current.Session["VerificationCode"].ToString();
if (userModel.VerificationCode.ToUpper() != HttpContext.Current.Session["VerificationCode"].ToString().ToUpper())
{
return Json(new { Result = to false, MSG = "Incorrect verification code"});
}