想要在后台设置cookie来记住用户名和密码。弄了几天还是弄不好,求求各位大神帮忙看一下
<form id="loginForm" method="post" action="@Url.Action("Login","Member")" data-ajax="true">
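<ul data-role="listview" data-inset="true">
    @* Posted as "userid": the member's phone / mobile number. *@
    <li data-role="fieldcontain">
        <label for="name2b">电话/手机号:</label>
        <input type="text" name="userid" id="name2b" value="" data-clear-btn="true" placeholder="请在这里输入电话/手机号...">
    </li>
    @* Posted as "password". Per the label, the secret is the patient's name, which is
       low-entropy and often known to others; failed-attempt limiting on the server is
       what protects this login, not the field itself. The label previously pointed at
       name2b (the phone field); it now targets this input's id. *@
    <li data-role="fieldcontain">
        <label for="pass2b">体检人姓名:</label>
        <input type="text" name="password" id="pass2b" value="" data-clear-btn="true" placeholder="请在这里输入您的体检人姓名...">
    </li>
    @* Posted as "rmbuser" with the value "on" or "off". The Login(string userid, string password)
       action shown on this page has no parameter for it, so it is currently ignored server-side. *@
    <li data-role="fieldcontain">
        <label for="flip2b">记住我</label>
        <select id="flip2b" name="rmbuser" data-role="flipswitch">
            <option value="off">Off</option>
            <option value="on"> On</option>
        </select>
    </li>
    <li>
        <button type="submit" id="submit" data-inline='true'><i class='lIcon fa fa-check'></i>确定</button>
        <button type="reset" data-inline='true'><i class='lIcon fa fa-times'></i>取消</button>
    </li>
</ul>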
</form>前台代码
namespace WebApp.Controllers
{
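/// <summary>
/// Member area controller: renders the member pages and handles the AJAX login post.
/// </summary>
public class MemberController : Controller
{
    /// <summary>GET: /Member/ — renders the default member view.</summary>
    public ActionResult Index()
    {
        return View();
    }

    /// <summary>Renders the login view.</summary>
    public ActionResult Login()
    {
        return View();
    }

    /// <summary>
    /// Checks the posted credentials and, on success, stores the user in the session.
    /// </summary>
    /// <param name="userid">Value of the "userid" form field.</param>
    /// <param name="password">Value of the "password" form field.</param>
    /// <returns>
    /// "0" when the credentials are missing or rejected; otherwise the user's PATIENTNAME.
    /// </returns>
    /// <remarks>
    /// Review notes, none of which change the contract of this action:
    /// - The return value is written to the response as-is. PATIENTNAME is stored data, so
    ///   the caller should insert it as text rather than as HTML.
    /// - No [ValidateAntiForgeryToken] is applied, and the session is reused rather than
    ///   renewed at the moment of login.
    /// - A "remember me" feature should hand the browser an opaque random token (HttpOnly,
    ///   Secure) that maps to the user on the server. The user id and password themselves
    ///   do not belong in a cookie.
    /// </remarks>
    [HttpPost]
    public string Login(string userid, string password)
    {
        // Reject absent or blank credentials up front so they never reach the lookup.
        if (string.IsNullOrWhiteSpace(userid) || string.IsNullOrWhiteSpace(password))
        {
            return "0";
        }

        var user = MemberBLL.Login(userid, password);
        if (user == null)
        {
            // Same answer for every failure, so the response does not say which field was wrong.
            return "0";
        }

        Session["LogonUser"] = user;
        return user.PATIENTNAME;
    }
}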
}后台代码
我该怎么弄呢,不需要考虑安全问题,想在后台修改,新手求教
------解决思路----------------------
cookie中只要保存一个id编号用于索引即可。真正的数据需要保存在服务器端,客户端是拿不到的。
给你写个简单的例子。(由于只是就事论事,这里没有把password使用签名编码来保存,而是使用了明文。实际使用时服务器端不应保存明文密码,应保存加盐的慢哈希(如 PBKDF2),并保证 cookie 中的 id 是不可预测的随机值。)
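<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:Label ID="Label1" runat="server" Text="用户名:"></asp:Label>
        <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
        <br />
        <asp:Label ID="Label2" runat="server" Text="密码:"></asp:Label>
        <%-- TextMode="Password" masks the value on screen and stops it from being
             written back into the page markup after a postback. --%>
        <asp:TextBox ID="TextBox2" runat="server" TextMode="Password"></asp:TextBox>
        <br />
        <%-- Button1 stores the two values under the id carried by the MySessionId cookie;
             Button2 reads them back using that cookie. --%>
        <asp:Button ID="Button1" runat="server" Text="保存" OnClick="Button1_Click" />
        <asp:Button ID="Button2" runat="server" Text="查看" OnClick="Button2_Click" />
    </form>
    <hr />
    提示:重启asp.net网站以后,再次点击“查看”按钮,可以看到MySession仍然有效。
</body>
</html>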
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.UI;
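/// <summary>
/// Demo page that keeps a user name and password in the Passport table, keyed by an
/// opaque id that the browser carries in the "MySessionId" cookie.
/// </summary>
/// <remarks>
/// The cookie value is client-controlled input. It is validated before use and only ever
/// reaches SQL as a bound parameter. Values read back from the table are JavaScript-encoded
/// before they are placed into the startup script.
/// NOTE: the password is stored exactly as submitted (plaintext), which the accompanying
/// text says is deliberate for the example. A real store would keep a salted slow hash, or
/// avoid persisting the password at all.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    private const string SessionCookieName = "MySessionId";
    private const string ConnectionStringName = "ConnectionString1";

    /// <summary>
    /// Creates the Passport table if it does not exist yet. Being a static constructor,
    /// this runs once, before the type is first used.
    /// </summary>
    static _Default()
    {
        using (var conn = CreateConnection())
        using (var cmd = conn.CreateCommand())
        {
            conn.Open();
            cmd.CommandText = "if object_id(N'Passport',N'U') is null " +
                "create table Passport(sid varchar(50) primary key, uid varchar(50), pwd varchar(40))";
            cmd.ExecuteNonQuery();
        }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// "Save" button: stores the two text boxes under the id from the request cookie,
    /// or under a newly generated id when the cookie is absent or malformed.
    /// </summary>
    protected void Button1_Click(object sender, EventArgs e)
    {
        var c = Request.Cookies[SessionCookieName];
        string sid = c == null ? null : NormalizeSessionId(c.Value);
        if (sid == null)
        {
            sid = NewSessionId();
        }

        // NOTE(review): a well-formed id from the request is reused, so whoever set that
        // cookie in the browser chose the row key. Issuing a fresh id on every save would
        // remove that dependency on client-supplied state.
        SaveMySessionId(sid);
    }

    /// <summary>
    /// Inserts or updates the Passport row for <paramref name="sid"/> with the trimmed
    /// text-box values, then sends the id back to the browser as a 7-day cookie.
    /// </summary>
    /// <param name="sid">Row key to store the values under.</param>
    private void SaveMySessionId(string sid)
    {
        var name = this.TextBox1.Text.Trim();
        var pwd = this.TextBox2.Text.Trim();

        // Every value is bound as a parameter; nothing user-supplied is spliced into the SQL text.
        const string sql = "if exists(select * from Passport where sid=@sid) " +
            "update Passport set pwd=@pwd,uid=@uid where sid=@sid " +
            "else insert Passport(sid,pwd,uid) values(@sid,@pwd,@uid)";

        using (var conn = CreateConnection())
        using (var cmd = conn.CreateCommand())
        {
            cmd.CommandText = sql;
            cmd.Parameters.AddWithValue("@sid", sid);
            cmd.Parameters.AddWithValue("@uid", name);
            cmd.Parameters.AddWithValue("@pwd", pwd);
            conn.Open();
            cmd.ExecuteNonQuery();
        }

        var c = Response.Cookies[SessionCookieName];
        c.Value = sid;
        c.Expires = DateTime.Now.AddDays(7);
        // The id acts as a bearer key for the stored row: keep it away from page script,
        // and mark it Secure whenever the request itself arrived over TLS.
        c.HttpOnly = true;
        c.Secure = Request.IsSecureConnection;
    }

    /// <summary>
    /// "View" button: looks up the row for the id in the request cookie and shows the
    /// stored values in a browser alert.
    /// </summary>
    protected void Button2_Click(object sender, EventArgs e)
    {
        var c = Request.Cookies[SessionCookieName];
        if (c == null)
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "", "alert('木有保存过会话!');", true);
            return;
        }

        // A malformed id cannot match a row written by this page; report "not found"
        // without sending the raw cookie value to the database.
        string sid = NormalizeSessionId(c.Value);
        if (sid == null)
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "", "alert('数据库中没有值!');", true);
            return;
        }

        using (var conn = CreateConnection())
        using (var cmd = conn.CreateCommand())
        {
            cmd.CommandText = "select top 1 uid,pwd from Passport where sid=@sid";
            cmd.Parameters.AddWithValue("@sid", sid);
            conn.Open();
            using (var rd = cmd.ExecuteReader())
            {
                if (!rd.Read())
                {
                    ScriptManager.RegisterStartupScript(this, this.GetType(), "", "alert('数据库中没有值!');", true);
                    return;
                }

                // JavaScriptStringEncode escapes quotes, backslashes, line breaks and angle
                // brackets, so stored text cannot terminate the string literal or the script block.
                var scp = string.Format("alert('用户名:{0},密码:{1},MySessionId:{2}');",
                    System.Web.HttpUtility.JavaScriptStringEncode(rd["uid"] as string ?? string.Empty),
                    System.Web.HttpUtility.JavaScriptStringEncode(rd["pwd"] as string ?? string.Empty),
                    System.Web.HttpUtility.JavaScriptStringEncode(sid));
                ScriptManager.RegisterStartupScript(this, this.GetType(), "", scp, true);
            }
        }
    }

    /// <summary>Creates an unopened connection from the configured connection string.</summary>
    private static SqlConnection CreateConnection()
    {
        return new SqlConnection(ConfigurationManager.ConnectionStrings[ConnectionStringName].ConnectionString);
    }

    /// <summary>
    /// Returns a new 32-character lowercase hex id built from 16 bytes of the
    /// cryptographic random number generator.
    /// </summary>
    private static string NewSessionId()
    {
        var bytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }

        return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
    }

    /// <summary>
    /// Returns <paramref name="raw"/> in canonical lowercase form when it is exactly
    /// 32 hex digits, otherwise null.
    /// </summary>
    private static string NormalizeSessionId(string raw)
    {
        Guid parsed;
        return Guid.TryParseExact(raw, "N", out parsed) ? parsed.ToString("n") : null;
    }
}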
这里说明了如何读写 cookie 中的 MySessionId 的值,以及如何读写数据库中 MySessionId 值对应的用户名和密码。