ASP.Net之使用Cookie和Session实现自动登录

一、UserLogin.aspx代码

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="UserLogin.aspx.cs" Inherits="UserLoginNameSpace" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title></title>
    <script type="text/javascript">
        window.onload = function () {
            var validateCode = document.getElementById("validateCode");
            validateCode.onclick = function () {
                document.getElementById("imgCode").src = "ValidateImageCode.ashx?d=" + new Date().getMilliseconds();
            }
        }
    </script>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        用户名:<input type="text" name="txtName" value="<%=UserName%>"  /><br />
        密码;<input type="password" name="txtPwd" /><br />
        验证码:<input type="text" name="txtCode" /><img src="ValidateImageCode.ashx" id="imgCode" /> <a href="javascript:void(0)" id="validateCode"> 看不清</a><br />
        <input type="submit" value="登录" />
        <input type="checkbox" name="autoLogin" value="auto" />自动登录
        <span style="font-size:14px;color:red"><%=Msg %></span>
    </div>
    </form>
</body>
</html>

using CZBK.ItcastProject.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace UserLoginNameSpace
{
    public partial class UserLogin : System.Web.UI.Page
    {
        public string Msg { get; set; }
        public string UserName { get; set; }
        protected void Page_Load(object sender, EventArgs e)
        {
            if (IsPostBack)
            {
                //string userName = Request.Form["txtName"];
                //UserName = userName;
                if (CheckValidateCode())//先判断验证码是否正确.
                {
                    CheckUserInfo();
                }
                else
                {
                    //验证码错误
                    Msg = "验证码错误!!";
                }
            }
            else
            {
                //判断Cookie中的值。
                CheckCookieInfo();
            }
           
        }
        #region 判断用户名密码是否正确
        protected void CheckUserInfo()
        {
            //获取用户输入的用户名和密码.
            string userName = Request.Form["txtName"];
            UserName = userName;
            string userPwd = Request.Form["txtPwd"];
            //校验用户名密码.
            BLL.UserInfoService UserInfoService = new BLL.UserInfoService();
            string msg = string.Empty;
            UserInfo userInfo = null;
            //判断用户名与密码
            if (UserInfoService.ValidateUserInfo(userName, userPwd, out msg, out userInfo))
            {
                //判断用户是否选择了“自动登录”
                if (!string.IsNullOrEmpty(Request.Form["autoLogin"]))//页面上如果有多个复选框时，只能将选中复选框的的值提交到服务端。
                {
                    HttpCookie cookie1 = new HttpCookie("cp1",userName);
                    HttpCookie cookie2 = new HttpCookie("cp2", Common.WebCommon.GetMd5String(Common.WebCommon.GetMd5String(userPwd)));
                    cookie1.Expires = DateTime.Now.AddDays(7);
                    cookie2.Expires = DateTime.Now.AddDays(7);
                    Response.Cookies.Add(cookie1);
                    Response.Cookies.Add(cookie2);
                }

                Session["userInfo"] = userInfo;
                Response.Redirect("UserInfoList.aspx");
            }
            else
            {
                Msg = msg;
            }
        }

        #endregion

        #region 校验Cookie信息.
        protected void CheckCookieInfo()
        {
            if (Request.Cookies["cp1"] != null && Request.Cookies["cp2"] != null)
            {
                string userName = Request.Cookies["cp1"].Value;
                string userPwd = Request.Cookies["cp2"].Value;
                //校验
                BLL.UserInfoService UserInfoService = new BLL.UserInfoService();
                UserInfo userInfo=UserInfoService.GetUserInfo(userName);
                if (userInfo != null)
                {
                    //注意：在添加用户或注册用户时一定要将用户输入的密码加密以后在存储到数据库中。
                    if (userPwd == Common.WebCommon.GetMd5String(Common.WebCommon.GetMd5String(userInfo.UserPass)))
                    {
                        Session["userInfo"] = userInfo;
                        Response.Redirect("UserInfoList.aspx");
                    }
                }
                Response.Cookies["cp1"].Expires = DateTime.Now.AddDays(-1);
                Response.Cookies["cp2"].Expires = DateTime.Now.AddDays(-1);
            }
          

        }
        #endregion
        
        #region 判断验证码是否正确
        protected bool CheckValidateCode()
        {
            bool isSucess = false;
            if (Session["validateCode"] != null)//在使用Session时一定要校验是否为空
            {
                string txtCode = Request.Form["txtCode"];//获取用户输入的验证码。
                string sysCode = Session["validateCode"].ToString();
                if (sysCode.Equals(txtCode, StringComparison.InvariantCultureIgnoreCase))
                {
                    isSucess = true;
                    Session["validateCode"] = null;
                }
            }
            return isSucess;
        }

        #endregion
    }
}

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="UserInfoList.aspx.cs" Inherits="UserInfoListNameSpace" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    <a href="LogOut.ashx">退出</a> 
    </div>
    </form>
</body>
</html>

注意UserInfoList 继承至Common.CheckSession，而CheckSession会判断session里面的值，以此可以判断有session后才可以打开对应的网页

using CZBK.ItcastProject.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace UserInfoListNameSpace
{
    public partial class UserInfoList :Common.CheckSession
    {
      
        protected void Page_Load(object sender, EventArgs e)
        {
            //if (Session["userInfo"] == null)
            //{
            //    Response.Redirect("UserLogin.aspx");
            //}
            //else
            //{
            //    Response.Write("欢迎"+((UserInfo)Session["userInfo"]).UserName+"登录本系统");
            //}
        }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace Common
{
   public class CheckSession:System.Web.UI.Page
    {
       //Init事件：aspx初始化时触发.
       public void Page_Init(object sender, EventArgs e)
       {
           if (Session["userInfo"] == null)
           {
               Response.Redirect("UserLogin.aspx");
           }
       }
    }
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace WebApp
{
    /// <summary>
    /// ValidateImageCode 的摘要说明
    /// </summary>
    public class ValidateImageCode : IHttpHandler,System.Web.SessionState.IRequiresSessionState
    {
        //在一般处理程序中如果要使用Session必须实现.IRequiresSessionState接口.
        public void ProcessRequest(HttpContext context)
        {
            context.Response.ContentType = "text/plain";
            Common.ValidateCode validateCode = new Common.ValidateCode();
           string code=validateCode.CreateValidateCode(4);
           context.Session["validateCode"] = code;
           validateCode.CreateValidateGraphic(code,context);
        }

        public bool IsReusable
        {
            get
            {
                return false;
            }
        }
    }
}