I'm seeing a very strange problem that occurs only for non-administrator users.
When a user logs in and accesses one particular page, they are logged out. The page finishes loading as if they were logged in, but as soon as they try to perform any other action (including refreshing the browser page), they are treated as unauthenticated and prompted to log in.
Opening Fiddler, I see that one of the responses from the server contains the following:
    The response sent 71 bytes of cookie data: Set-Cookie: portalaliasid=; expires=Sat, 08-May-1982 17:26:06 GMT; Path=/; HttpOnly
    The response sent 69 bytes of cookie data: Set-Cookie: portalroles=; expires=Sat, 08-May-1982 17:26:06 GMT; Path=/; HttpOnly
    The response sent 69 bytes of cookie data: Set-Cookie: .DOTNETNUKE=; expires=Tue, 12-Oct-1999 04:00:00 GMT; Path=/; HttpOnly
    The response sent 27 bytes of cookie data: Set-Cookie: language=; Path=/; HttpOnly
    The response sent 33 bytes of cookie data: Set-Cookie: authentication=; Path=/; HttpOnly
This always happens when I make my ashx web call. The code making this call is the following JavaScript:
    $('#lstStates').empty();
    var selectedRegions = $('select[id*=lbxRegions]').val();
    $.ajax({
        url: '/DesktopModules/MyModule/ashx/GetStatesForRegions.ashx',
        data: { regions: selectedRegions },
        dataType: 'json',
        success: function (data) {
            if (IsArray(data)) {
                for (var state in data) {
                    $('#lstStates').append('<option>' + data[state] + '</option>');
                }
            }
        }
    });
The code in the ashx is:

    using System;
    using System.Linq;
    using System.Web;
    using Newtonsoft.Json;

    public class GetStatesForRegions : IHttpHandler
    {
        public bool IsReusable { get { return false; } }

        public void ProcessRequest(HttpContext context)
        {
            context.Response.ContentType = "text/plain";

            // jQuery sends the array parameter as "regions[]".
            string[] ids;
            string regionsArray = context.Request["regions[]"] ?? string.Empty;
            ids = regionsArray.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

            using (var dbContext = new MyDataContext())
            {
                string[] states;
                var query = dbContext.Schools.Where(x => x.PodRegionId != null);

                // Filter by the selected regions, if any were supplied.
                if (ids != null && ids.Length > 0)
                    query = query.Where(x => ids.Contains(x.PodRegionId.ToString()));

                states = query.Select(x => x.xosAddress.State)
                              .Distinct()
                              .OrderBy(x => x)
                              .ToArray();

                context.Response.Write(JsonConvert.SerializeObject(states));
                context.Response.End();
            }
        }
    }

Why is it clearing my respective cookies and logging out non-admin users?
Edit: To add to the mystery, when you access the ashx as a non-administrator DNN user, it seems to return an HTTP 302 response, redirecting you to the same URL again. This 302 response is what contains the cookie-clearing data. The second time the ashx is accessed (due to the redirect), the correct data is returned.
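
A diagnostic sketch for the capture above, added here as an example and not part of the original post: it classifies each `Set-Cookie` header from the 302 response as deleting a cookie (expiry in the past), blanking it (empty value, no expiry), or setting it. The function names are hypothetical, the headers are the ones quoted in the question, and treating `.DOTNETNUKE` as the login cookie is an assumption.

```javascript
// Added example: decide what each Set-Cookie header does to the browser's cookie jar.
const MONTHS = { jan: 0, feb: 1, mar: 2, apr: 3, may: 4, jun: 5,
                 jul: 6, aug: 7, sep: 8, oct: 9, nov: 10, dec: 11 };

// Parse "Sat, 08-May-1982 17:26:06 GMT" (dash or space separated) to epoch ms, else null.
function parseCookieDate(text) {
  const m = /(\d{1,2})[- ]([A-Za-z]{3})[- ](\d{4}) (\d{2}):(\d{2}):(\d{2})/.exec(text);
  if (!m || MONTHS[m[2].toLowerCase()] === undefined) return null;
  return Date.UTC(+m[3], MONTHS[m[2].toLowerCase()], +m[1], +m[4], +m[5], +m[6]);
}

// Returns { name, effect }: 'deleted' (expired), 'emptied' (blank value), or 'set'.
function classifySetCookie(header, now = Date.now()) {
  const line = header.replace(/^set-cookie:\s*/i, '');
  const [pair, ...attrs] = line.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const name = (eq < 0 ? pair : pair.slice(0, eq)).trim();
  const value = eq < 0 ? '' : pair.slice(eq + 1).trim();
  let expires = null, maxAge = null;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'expires') expires = parseCookieDate(val);
    if (key === 'max-age' && /^-?\d+$/.test(val)) maxAge = Number(val);
  }
  // Max-Age wins over Expires when both are present (RFC 6265).
  const expired = maxAge !== null ? maxAge <= 0 : expires !== null && expires <= now;
  return { name, effect: expired ? 'deleted' : value === '' ? 'emptied' : 'set' };
}

// True when any header removes or blanks the named cookie.
function clearsCookie(headers, cookieName, now) {
  return headers.map(h => classifySetCookie(h, now))
    .some(c => c.name === cookieName && c.effect !== 'set');
}

// Headers from the 302 response quoted in the question.
const redirectHeaders = [
  'Set-Cookie: portalaliasid=; expires=Sat, 08-May-1982 17:26:06 GMT; Path=/; HttpOnly',
  'Set-Cookie: portalroles=; expires=Sat, 08-May-1982 17:26:06 GMT; Path=/; HttpOnly',
  'Set-Cookie: .DOTNETNUKE=; expires=Tue, 12-Oct-1999 04:00:00 GMT; Path=/; HttpOnly',
  'Set-Cookie: language=; Path=/; HttpOnly',
  'Set-Cookie: authentication=; Path=/; HttpOnly',
];

for (const h of redirectHeaders) console.log(classifySetCookie(h));
// Assumption: .DOTNETNUKE is the cookie that carries the login.
console.log('login cookie cleared:', clearsCookie(redirectHeaders, '.DOTNETNUKE'));
```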