日期:2014-05-17  浏览次数:20379 次

ASP.NET中的cookie
我在登陆时,把用户名和角色保存在cookie里面;在注销时把cookie里面的值给清空了,但我下次浏览页面时,不用登陆也能进到管理员页面里,什么原因???

登陆页面代码:

#region "登陆"
    protected void btnlogin_Click(object sender, EventArgs e)
    {
        HttpCookie userId = new HttpCookie("loginId");
        //HttpCookie userPwd = new HttpCookie("loginPwd");
        HttpCookie roleId = new HttpCookie("roleId");
        string name= txtUserName.Text.Trim();
        string pwd = txtPwd.Text.Trim();
        string roles = ddlselect.SelectedValue;
        int result = SEC_USERManager.GetLoginByIdPwd(name, pwd);
        if (result>0)
        {
            userId.Value = name;
            //userPwd.Value = pwd;
            roleId.Value = roles;
            //设置过期时间
            userId.Expires = DateTime.Now.AddDays(1);
            //userPwd.Expires = DateTime.Now.AddMinutes(1);
            roleId.Expires = DateTime.Now.AddDays(7);

            Response.Cookies.Add(userId);
            //Response.Cookies.Add(userPwd);
            Response.Cookies.Add(roleId);



            Response.Redirect("Main.aspx");
        }
        else
        {
            Response.Write("请重新登陆");
            return;
        }
    }
    #endregion


注销按钮代码: