Using HttpCookie to timeout / url

I am working on a web application that is an MVC 5 + Angular JS hybrid. There is no authentication in the web application, and an anonymous user can come and ask for a price for certain services. To get the price, the user needs to answer some questions spread over several pages. Here is the application thread.

  • User presses a button to get a price.

  • A unique URI is generated by the request and the user is redirected to the question page.

  • The user answers the questions, and the user sends the answers. Questions apply to multiple pages navigated by Angular routing. Responses are saved on the server when navigating pages.

  • As soon as the user sends answers, the system (server) generates a price and displays it to the user.

Currently, if a user has bookmarked the URI, he can return in a few days and continue from where he left off. I want to prevent this behavior.

What are my MVC settings? I can think of the following:

  • Use HttpCookie expiration

  • Save the last access time in the database and check if the user has passed in the agreed period of time?

I would like to avoid HttpSession. I am inclined to use HttpCookie as it looks like the easiest option.

  • If we go with the HttpCookie option, is there a side effect that I need to keep in mind?

  • Is there any other alternative in MVC that I can look for?

+6
3

cookie. hashed cookie . , :

  • . , cookie.

  • URI, cookie Http Request. cookie , .

MD5 . , , , SHA. , cookie, , .

+3

, , , .

, URL ,

:

var info = [Payload any info you need to store(questionnaire id or so)] + [expirationDate]
var sign = HMAC256(info + [SERVER_SECRET])
var clientLinkParameter = info + sign
var clientLink = [baseURL] + [delimiter] + Base64(clientLinkParameter)

* HMAC256 - , , ,

, . , :

HMAC256([partBeforeDelimiter] + [SERVER_SECRET]) and [partAfterDelimiter] . , , ( , [SERVER_SECRET]), .

, , , , - . , , JSON.

, ( cookie ), - ( )

, .

+4
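
The signed, expiring link outlined in the answer above, as an added C# example that is not part of the original post. The names SignedLink, Create and TryRead, the "|" and "." delimiters, the Unix-seconds expiry and the demo secret are assumptions; the server secret is used as the HMAC key instead of being appended to the message.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example: class name, method names and token layout are assumptions, not from the post.
public static class SignedLink
{
    // Constructed demo key; a real application loads it from protected configuration.
    private static readonly byte[] Secret = Encoding.UTF8.GetBytes("constructed-demo-secret");
    private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    public static string Create(string payload, DateTime expiresUtc)
    {
        // info = payload + expiration date, as in the answer's outline
        byte[] info = Encoding.UTF8.GetBytes(payload + "|" + ToUnix(expiresUtc));
        return B64(info) + "." + B64(Sign(info));
    }

    public static bool TryRead(string token, DateTime nowUtc, out string payload)
    {
        payload = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] info, sig;
        try { info = UnB64(parts[0]); sig = UnB64(parts[1]); }
        catch (FormatException) { return false; } // malformed Base64
        // Verify the signature before trusting anything inside info.
        if (!FixedTimeEquals(Sign(info), sig)) return false;
        string text = Encoding.UTF8.GetString(info);
        int sep = text.LastIndexOf('|'); long exp;
        if (sep < 0 || !long.TryParse(text.Substring(sep + 1), out exp)) return false;
        if (ToUnix(nowUtc) > exp) return false; // link has expired
        payload = text.Substring(0, sep);
        return true;
    }
    private static byte[] Sign(byte[] data) { using (var h = new HMACSHA256(Secret)) return h.ComputeHash(data); }
    private static long ToUnix(DateTime utc) { return (long)(utc - Epoch).TotalSeconds; }
    // URL-safe Base64 so the token can sit in a path segment or query string.
    private static string B64(byte[] b) { return Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }
    private static byte[] UnB64(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length; // length mismatch already counts as a difference
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Because the expiry is inside the signed data, a bookmarked link cannot have its lifetime extended by editing the URL, and the check needs no session or cookie state.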

CreateDate. , URL- , .

  • , cookie.
  • Allows you to add analytics to your site, where you start storing q / a combinations along with the generated prices for this user session. Start collecting data earlier. :)
+3

Source: https://habr.com/ru/post/1017378/

