2015-11-04 71 views
0

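Single-page application loses authentication token cookie

Apologies in advance for the wall of text below, but I wanted to be sure to include anything in the logs that might be useful.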

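I have an ASP.NET MVC application whose main interface is a single-page application that uses SignalR. We occasionally have problems where things suddenly "stop working" for a user; the root cause is that they are no longer authenticated. I have an MVC request every minute to keep the session alive, and SignalR also has its own keepalive every 5 minutes. It does not seem to be related to a particular time interval, because most of the time users leave the application open all day without any problems. I have included an annotated sample of the IIS log from the web server below. For readability, the authentication token and session values have been shortened. Note that the authentication token is renewed several times without any problem. Then, all of a sudden, the browser no longer sends the authentication token.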

+------------+----------+-----------+------------------------------+-------------+-------------------------------------+-----------+------------------------------------------------------------------------------------------------+
| date       | time     | cs-method | cs-uri-stem                  | cs-username | cs(Cookie)                          | sc-status | comment                                                                                        |
+------------+----------+-----------+------------------------------+-------------+-------------------------------------+-----------+------------------------------------------------------------------------------------------------+
| 2015-11-04 | 10:54:30 | GET       | /                            | -           | -                                   | 302       | user requesting page for the first time; redirect to login page                                |
| 2015-11-04 | 10:54:30 | GET       | /Account/Login               | -           | -                                   | 200       | login page GET                                                                                 |
| 2015-11-04 | 10:54:46 | POST      | /Account/Login               | -           |                                     | 302       | login page POST; authenticate and redirect to content page                                     |
| 2015-11-04 | 10:54:46 | GET       | /                            | user123     | .VWRID=AAAA                         | 302       | content page GET; user is logged in                                                            |
| 2015-11-04 | 10:54:46 | GET       | /Account/SelectConfiguration | user123     | .VWRID=AAAA                         | 200       | user doing stuff; no problem                                                                   |
| 2015-11-04 | …        | …         | …                            | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       | user doing stuff; no problem                                                                   |
| 2015-11-04 | 10:54:50 | GET       | /signalr/negotiate           | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       | SignalR connection                                                                             |
| 2015-11-04 | 10:54:50 | GET       | /signalr/start               | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 10:54:50 | POST      | /signalr/send                | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 10:55:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       | keepalive for ASP.Net session; once/min                                                        |
| 2015-11-04 | …        | …         | …                            | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       | user doing stuff; no problem                                                                   |
| 2015-11-04 | 10:59:50 | GET       | /signalr/ping                | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       | SignalR keepalive; once/5 min                                                                  |
| 2015-11-04 | 11:00:50 | …         | …                            | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 11:08:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 11:09:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       | renewed ASP.net token sent to client (?)                                                       |
| 2015-11-04 | 11:09:50 | GET       | /signalr/ping                | user123     | .VWRID=BBBB;+ASP.NET_SessionId=ses1 | 200       | new ASP.net token sent to server                                                               |
| 2015-11-04 | 11:10:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=BBBB;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 11:11:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=BBBB;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | …        | …         | …                            | user123     | .VWRID=BBBB;+ASP.NET_SessionId=ses1 | 200       | user doing stuff; no problem                                                                   |
| 2015-11-04 | 11:24:32 | POST      | /signalr/send                | user123     | .VWRID=BBBB;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 11:24:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=BBBB;+ASP.NET_SessionId=ses1 | 200       | renewed ASP.net token sent to client (?)                                                       |
| 2015-11-04 | 11:24:50 | GET       | /signalr/ping                | user123     | .VWRID=CCCC;+ASP.NET_SessionId=ses1 | 200       | new ASP.net token sent to server                                                               |
| 2015-11-04 | 11:25:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=CCCC;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | …        | …         | …                            | user123     | .VWRID=CCCC;+ASP.NET_SessionId=ses1 | 200       | user doing stuff; no problem                                                                   |
| 2015-11-04 | …        | …         | …                            | user123     | .VWRID=CCCC;+ASP.NET_SessionId=ses1 | 200       | same pattern continues, until…                                                                 |
| 2015-11-04 | 11:58:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=EEEE;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 11:59:50 | POST      | /Home/CheckVersion           | user123     | .VWRID=EEEE;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 11:59:50 | GET       | /signalr/ping                | user123     | .VWRID=EEEE;+ASP.NET_SessionId=ses1 | 200       |                                                                                                |
| 2015-11-04 | 12:00:50 | POST      | /Home/CheckVersion           | -           | -                                   | 302       | NO AUTHENTICATION COOKIE!                                                                      |
| 2015-11-04 | 12:00:50 | GET       | /Account/Login               | -           | -                                   | 200       | JSON request "redirected" but user never notified                                              |
| 2015-11-04 | 12:01:50 | POST      | /Home/CheckVersion           | -           |                                     | 302       |                                                                                                |
| 2015-11-04 | 12:01:50 | GET       | /Account/Login               | -           |                                     | 200       |                                                                                                |
| 2015-11-04 | …        | POST      | /Home/CheckVersion           | -           |                                     | 302       | same pattern…                                                                                  |
| 2015-11-04 | …        | GET       | /Account/Login               | -           |                                     | 200       |                                                                                                |
| 2015-11-04 | 12:04:49 | GET       | /signalr/ping                | -           |                                     | 200       | signalr keepalive returns HTTP 200 (?)…                                                        |
| 2015-11-04 | 12:05:50 | POST      | /Home/CheckVersion           | -           |                                     | 302       |                                                                                                |
| 2015-11-04 | 12:05:50 | GET       | /Account/Login               | -           |                                     | 200       |                                                                                                |
| 2015-11-04 | …        | POST      | /Home/CheckVersion           | -           |                                     | 302       |                                                                                                |
| 2015-11-04 | …        | GET       | /Account/Login               | -           |                                     | 200       |                                                                                                |
| 2015-11-04 | 12:16:43 | POST      | /signalr/send                | -           |                                     | 403       | … but signalr requests fail because they need to be authenticated                              |
| 2015-11-04 | …        | POST      | /signalr/send                | -           |                                     | 403       |                                                                                                |
| 2015-11-04 | 12:43:23 | POST      | /signalr/abort               | -           |                                     | 403       | at some point signalr aborts                                                                   |
| 2015-11-04 | 12:43:23 | GET       | /signalr/connect             | user123     | .VWRID=AAAA;+ASP.NET_SessionId=ses1 | 200       | and reconnects with the ORIGINAL authentication token (?)                                      |
| 2015-11-04 | 12:43:23 | GET       | /                            | -           |                                     | 302       | User realizes there is a problem and refreshed the page, forcing the login process to initiate |
| 2015-11-04 | 12:43:23 | GET       | /Account/Login               | -           |                                     | 200       |                                                                                                |
| 2015-11-04 | 12:43:35 | POST      | /Account/Login               | -           |                                     | 302       |                                                                                                |
| 2015-11-04 | 12:43:35 | GET       | /                            | user123     | .VWRID=FFFF                         | 302       | and we're good again…                                                                          |
| 2015-11-04 | 12:43:36 | GET       | /Account/SelectConfiguration | user123     | .VWRID=FFFF                         | 200       |                                                                                                |
| 2015-11-04 | …        | …         | …                            | user123     | .VWRID=FFFF;+ASP.NET_SessionId=ses2 | 200       |                                                                                                |
| 2015-11-04 | 15:43:02 | POST      | /Home/CheckVersion           | user123     | .VWRID=GGGG;+ASP.NET_SessionId=ses2 | 200       | still going strong nearly 2 hours later.                                                       |
+------------+----------+-----------+------------------------------+-------------+-------------------------------------+-----------+------------------------------------------------------------------------------------------------+

Relevant section of web.config:

<system.web>
    <authentication mode="Forms">
        <forms name=".VWRID" loginUrl="~/Account/Login" timeout="30" slidingExpiration="true" protection="All" requireSSL="true" />
    </authentication>
</system.web>

Does anyone have any idea what might be going on here, and how to fix it?

[UPDATE]

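Looking at the logs, this only seems to affect users on IE 10. The SignalR transport mechanism those users are on is foreverFrame. I wonder whether this is a SignalR bug with that transport. I am going to downgrade those clients to use long polling and see if the problem goes away.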
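
The manual log walk above can be automated. The following is an added example, not part of the original post: it scans an IIS W3C log for the request at which a client stops sending the `.VWRID` forms cookie and flags drops that idle expiry cannot explain. The `c-ip` field, the address and the sample lines are constructed assumptions.

```python
from datetime import datetime

AUTH_COOKIE = ".VWRID"  # forms cookie name from the page's web.config
TIMEOUT_MIN = 30        # forms timeout from the page's web.config

# Constructed sample in IIS W3C format; the c-ip field and address are assumptions.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-username cs(Cookie) sc-status
2015-11-04 11:24:50 192.0.2.10 POST /Home/CheckVersion user123 .VWRID=BBBB;+ASP.NET_SessionId=ses1 200
2015-11-04 11:24:50 192.0.2.10 GET /signalr/ping user123 .VWRID=CCCC;+ASP.NET_SessionId=ses1 200
2015-11-04 11:59:50 192.0.2.10 GET /signalr/ping user123 .VWRID=CCCC;+ASP.NET_SessionId=ses1 200
2015-11-04 12:00:50 192.0.2.10 POST /Home/CheckVersion - - 302
2015-11-04 12:01:50 192.0.2.10 POST /Home/CheckVersion - - 302
"""

def cookie_value(cookie_field, name):
    """Return the value of `name` from an IIS cs(Cookie) field, or None."""
    for part in cookie_field.split(";"):
        key, _, value = part.lstrip("+").partition("=")  # IIS logs spaces as '+'
        if key == name:
            return value
    return None

def auth_events(log_text, cookie_name=AUTH_COOKIE):
    """Return (time, client, kind, idle_seconds) for token renewals and drops."""
    fields, last, events = [], {}, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        when = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        client = row.get("c-ip", "-")
        token = cookie_value(row.get("cs(Cookie)", "-"), cookie_name)
        prev_token, prev_when = last.get(client, (None, None))
        if prev_token and token != prev_token:
            kind = "renewed" if token else "dropped"
            events.append((row["time"], client, kind, int((when - prev_when).total_seconds())))
        last[client] = (token, when)
    return events

def unexplained_drops(events, timeout_min=TIMEOUT_MIN):
    """Drops that idle expiry cannot explain: sliding expiration reissues the
    ticket after half the timeout, so at least half remains after any request."""
    return [e for e in events if e[2] == "dropped" and e[3] < timeout_min * 60 / 2]

if __name__ == "__main__":
    for event in auth_events(SAMPLE_LOG):
        print(event)
```

Only the first cookie-less request per client is reported, so the repeated 302 keepalives that follow a drop do not flood the output.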

Answer

0

We removed foreverFrame as an option for the SignalR transport and the problem went away. It seems to be a bug in SignalR.