asp.net-mvc – 无Cookie会话和跨站点表单帖子

我相信我发现了重定向发生的位置以及可能的解决方案. ISessionIDManager接口具有SaveSessionID方法,其上包含“out bool重定向”参数.似乎在创建新会话时,默认会话管理器会重写此方法中的URL并执行重定向.我开始实现自己的ISessionIDManager并且我能够抑制重定向,但是没有办法(我可以告诉)将会话ID插入到无cookie会话的URL中而不进行重定向.在请求生命周期中的那个点上不允许Server.Transfer.我试过了,但收到了“Error Executing Child Request”消息.

稍后,我在Enabling POST in cookieless ASP.NET Applications上发现了这篇文章.基本上通过绑定到Application_EndRequest事件,您可以检测重定向,清除响应并伪造表单发布到包含会话ID的新URL.

void MvcApplication_EndRequest(object sender,EventArgs e)
{

    HttpApplication application = (HttpApplication)sender;

    if (application.Request.Form["CorpLogin"] == "1"
        && application.Response.RedirectLocation != null
        && application.Response.IsRequestBeingRedirected)
    {

        StringBuilder build = new StringBuilder();
        build.Append("<html>n<body>n<form name='Redirect' method='post' action='");
        build.Append(application.Response.RedirectLocation);

        build.Append("' id='Redirect' >");
        foreach (string key in application.Request.Form)
        {
            if (key != "CorpLogin")
                build.Append(string.Format("n<input type='hidden' name='{0}' value = '{1}'>",(string)key,application.Request.Form[(string)key]));
        }

        build.Append("n<noscript><h2>Object moved <input type='submit' value='here'></h2></noscript>");
        build.Append(@"</form>
      <script language='javascript'>
      <!--
        document.Redirect.submit();
      // -->
      </script>
      ");
        build.Append("</body></html>");

        application.Response.Clear();
        application.Response.ClearHeaders();
        application.Response.Output.Flush();

        application.Response.Write(build.ToString());

    }
}

这不是一个理想的解决方案恕我直言,但它可能足以满足要求.