1. 首页
  2. 问答
  3. Set-Cookie间歇性不被遵守

Set-Cookie间歇性不被遵守

2010-12-22 37 views
2

我有一个asp.net mvc应用程序,它正在验证用户名/密码,并且如果在浏览器中正确设置cookie并对另一个页面执行302操作。Set-Cookie间歇性不被遵守

由于某些原因,虽然浏览器将忽略set-cookie,因此从不存储cookie。奇怪的是:

  1. 我本地环境完全相同的代码完美地工作,即使在我的测试环境中不同的选项卡运行相同的代码失败
  2. 它完美地在一些浏览器而不是其他

  3. 它有时会在以前无法工作的浏览器中工作

    我已经打开了提琴手,并一直在比较请求/响应和一切看起来相同。任何人都可以对最新进展提出任何建议吗?

不工作

登录响应:

HTTP/1.1 302 Found 
Cache-Control: private 
Content-Type: text/html; charset=utf-8 
Location: https://foo.test/bar 
Server: Microsoft-IIS/7.0 
X-AspNetMvc-Version: 2.0 
X-AspNet-Version: 2.0.50727 
Set-Cookie: .ASPXAUTH=7C02633DAD998CB9CD25CC413FF34506DBF9095B78FC69FD03F83C4F7A091BF45469D389510F5ADD286AB6131EEC14609199C9CAD6B82E2BAFB61DE382BC34A65B72FEE5A9DD53820250E339FB6B863974C91F25CD2BE53646296C6E72F6C18F53C4BE7F9977CE9DB58647D9190093A167DCCBC698D5D4803739D0ECDA4621E744FF886EF7E0E1D3B0ED4A12FB08E34D521F20AA5C9549C66BD3171C68313E70E0ACCB851FA7A7D1509EF30345998A80DF0577F38A8C85E141C4F17803205CDDE05DD2C9; expires=Wed, 22-Dec-2010 16:45:06 GMT; path=/ 
X-Powered-By: ASP.NET 
Date: Sun, 01 Jan 2012 15:36:01 GMT 
Content-Length: 220 

<html><head><title>Object moved</title></head><body> 
<h2>Object moved to <a href="https://foo.test/bar">here</a>.</h2> 
</body></html>

下一个请求(注意没有新的Cookie):

GET https://foo.test/bar HTTP/1.1 
Host: foo.test 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: en-gb,fr;q=0.7,en;q=0.3 
Accept-Encoding: gzip,deflate 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
Keep-Alive: 115 
Connection: keep-alive 
Referer: https://foo.test/login 
Cookie: ASP.NET_SessionId=oskgcf45t5oqvo453kmftw45;

工作

登录响应:

HTTP/1.1 302 Found 
Cache-Control: private 
Content-Type: text/html; charset=utf-8 
Location: https://foo.local/bar 
Server: Microsoft-IIS/7.5 
X-AspNetMvc-Version: 2.0 
X-AspNet-Version: 2.0.50727 
Set-Cookie: .ASPXAUTH=CE23F217A77AC4D7DE76D16EDC27B21257973DECEF8F85D2FD3E345D051C81BE42F35978884BF7E508BF298824BADE1461C56966F5C6A2BF96F2E99F038068CBC068755494A3CD36BB2283040378982B7F96C76E1E2DCF1F6F481AB9C1399D7CFADF30B3049BDE7E94215DF58D091364974C69399AF92B0E03A10C3BF25907DC187060E681D4867E24DBB39F2D26659FDCDCD661DF8DFD88ABD7E4D931207614611013CA68065F7805D055E1FFF72B91C07C5576D4581FB9E4A04029E51E0A78ADD6B894; expires=Wed, 22-Dec-2010 16:49:34 GMT; path=/ 
X-Powered-By: ASP.NET 
Date: Wed, 22 Dec 2010 16:19:34 GMT 
Content-Length: 221 

<html><head><title>Object moved</title></head><body> 
<h2>Object moved to <a href="https://foo.local/bar">here</a>.</h2> 
</body></html>

下一个请求(注意新的Cookie):

GET https://local.toptable.com/ism/confirm?c=2&o=True&v=1313&t=12-00&d=21-12-2010&l=True HTTP/1.1 
Host: foo.local 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: en-gb,fr;q=0.7,en;q=0.3 
Accept-Encoding: gzip,deflate 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
Keep-Alive: 115 
Connection: keep-alive 
Referer: https://foo.local/login 
Cookie: ASP.NET_SessionId=5aefag4544y4pvqht1k3k455; .ASPXAUTH=CE23F217A77AC4D7DE76D16EDC27B21257973DECEF8F85D2FD3E345D051C81BE42F35978884BF7E508BF298824BADE1461C56966F5C6A2BF96F2E99F038068CBC068755494A3CD36BB2283040378982B7F96C76E1E2DCF1F6F481AB9C1399D7CFADF30B3049BDE7E94215DF58D091364974C69399AF92B0E03A10C3BF25907DC187060E681D4867E24DBB39F2D26659FDCDCD661DF8DFD88ABD7E4D931207614611013CA68065F7805D055E1FFF72B91C07C5576D4581FB9E4A04029E51E0A78ADD6B894

来源

2010-12-22 James Hollingworth

回答

4

在 “不工作” 登录响应,服务器的Date:头的值是Sun, 01 Jan 2012 15:36:01 GMT(未来! ),并且您的Cookie过期设置为Wed, 22-Dec-2010 16:45:06 GMT,这会导致浏览器立即过期Cookie,因此不会存储它。

来源

2010-12-22 17:21:38

+0

啊谢谢,我打算花一些时间调查这个(http://serverfault.com/questions/217343/date-header-returned-by-iis7-is-wrong) – 2010-12-30 10:24:14

相关问题

 相关问题