多台服务器sessionId共享

多台服务器sessionId共享

session id是服务器首次与浏览器创建连接时，生成的id值，存入浏览器端cookie中，值加密的，下次请求时，浏览器自动带上session值发送给服务器，服务器根据cookie中存的session id值提取服务器存的用户信息，

基于上面的原理，在服务器集群中，如果服务器甲与浏览器建立了连接，则有个session id，如果下一个请求被负载均衡器转发给服务器乙处理，则服务器乙与浏览器也会建立一个新的session id，因为session的cookie名称相同，所以导致session id会被刷新，导致一直都没有登录，

解决方案：

登录成功后，将唯一凭据，比如【用户id+“#”+客户端ip+“#”+当前时间】，加密后的值作为cookie的值返回给浏览器,作为登录凭据，服务器根据此用户id作为缓存key，缓存值就存用户信息。
此时的cookie是可以在集群中传输的，服务器可以正常的提取到登录用户的id。

ASP.NET Core 参考代码(NET 7):

登录处理

/// <summary>///ajax， 登录处理/// </summary>/// <param name="account">账号</param>/// <param name="password">密码</param>/// <returns></returns>public async Task<IActionResult> LoginDo(string account, string password){//GetCustumerIP 获取当前客户端ipvar result = await userBLL.DoLoginAsync(account, password, null, GetCustumerIP);          if (result.Code == 200){var _cookieOptions = new CookieOptions(){//Expires = DateTime.Now.AddMinutes(30),HttpOnly = true, /* 防御XSS攻击  */};//将用户id存入cookie //解决nginx反向代理cookie问题；string loginAuthTxt = result.Data.Authorize_user_id.ToString() + "#" + GetCustumerIP + "#" + DateTime.Now.AddHours(12).ToString("yyyy-MM-dd HH:mm:ss.fff");//AES加密string encryUserId = AesHelpter.AESEncryptToHex(loginAuthTxt);Response.Cookies.Append(CacheKeyConfig.CookieName_loginAuth, encryUserId, _cookieOptions);}return Json(new Model.Result(  result.Msg, result.Code));}

登录（请求）过滤器

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Web;using Microsoft.AspNetCore.Mvc;
using System.Diagnostics;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;using Microsoft.AspNetCore.Routing;
using Web_rongmeiti_sys.Handler;
using Web_rongmeiti_sys.Model;
using Newtonsoft.Json.Linq;
using Microsoft.JSInterop.Infrastructure;namespace Web_rongmeiti_sys
{/*
IAsyncAuthorizationFilter
IAuthorizationFilter AuthorizeAttribute *//// <summary>/// 登录验证，权限验证，action过滤。FunId为空只验证登录，不验证权限/// </summary>public class LoginFilter : Attribute, IAsyncAuthorizationFilter{public LoginFilter(){}public LoginFilter(string funId){FunId = funId;}/// <summary>/// 方法标识id/// </summary>private string FunId { get; set; }public Task OnAuthorizationAsync(AuthorizationFilterContext context){获取登录用户id值，修改时间：2023-8-2 09:37:10 string? userId_encry = string.Empty;context.HttpContext.Request.Cookies.TryGetValue(CacheKeyConfig.CookieName_loginAuth, out userId_encry);bool isAjax = MyExceptionFilter.IsAjax(context.HttpContext.Request);if (string.IsNullOrWhiteSpace(userId_encry)){//没有登录，去登录goto To_login;}//验证cookie值是否有效？try{string descValue = AesHelpter.AESDecryptByHex(userId_encry);if (descValue.IndexOf("#") == -1){goto To_login;}string tokenIP = descValue.Split("#")[1];if (!tokenIP.Equals(GetCustumerIP(context))){goto To_login;}string expireTimeStr = descValue.Split("#")[2];if (!DateTime.TryParse(expireTimeStr, out DateTime expireTime) ||expireTime <= DateTime.Now){goto To_login;}}catch (Exception){goto To_login;}if (string.IsNullOrWhiteSpace(FunId)){return Task.CompletedTask;}To_login:if (isAjax){//无权访问//context.Result = new UnauthorizedResult();context.Result = new JsonResult(new { Code = 500, Msg = "登录失效，请重新登录" }){StatusCode = StatusCodes.Status401Unauthorized};return Task.CompletedTask;}//没有登录，去登录context.Result = new RedirectResult("/user/Login");//删除cookiecontext.HttpContext.Response.Cookies.Delete(CacheKeyConfig.CookieName_loginAuth);return Task.CompletedTask;}/// <summary>///  获取访问者ip/// </summary>public string GetCustumerIP(AuthorizationFilterContext context){var request = context.HttpContext.Request;Microsoft.Extensions.Primitives.StringValues ip;//X-Real-IP，nginx代理传输的客户端真实ip，添加时间：2023-8-2 09:42:03 if (request.Headers.TryGetValue("X-Real-IP", out ip)){return ip.ToString();}//获取访问者ipreturn context.HttpContext.Connection.RemoteIpAddress.ToString();}}}

过滤器使用

public class HomeController :  BaseController 
{[LoginFilter]public ActionResult Index(){//当前登录用户var userLogin=CurrentLoginUser;return View();}}

BaseController

using Microsoft.AspNetCore.Mvc;
using Web_rongmeiti_sys.Business_Interface;
using Web_rongmeiti_sys.DAL_Interface;
using Web_rongmeiti_sys.Model;namespace Web_rongmeiti_sys.Controllers
{/// <summary>/// 基础，控制器，/// </summary>/// 创建时间：2023-6-26 15:44:17 public class BaseController : Controller{/// <summary>///  获取访问者ip/// </summary>public string GetCustumerIP{get{Microsoft.Extensions.Primitives.StringValues ip;//X-Real-IP，nginx代理传输的客户端真实ip，添加时间：2023-8-2 09:42:03 if (Request.Headers.TryGetValue("X-Real-IP", out ip)){return ip.ToString();}//获取访问者ipreturn HttpContext.Connection.RemoteIpAddress.ToString();}}/// <summary>/// 当前登录用户/// </summary>public Authorize_user CurrentLoginUser{get{try{获取登录用户id值， 2023-8-2 09:42:53 string? userId_encry = string.Empty;Request.Cookies.TryGetValue(CacheKeyConfig.CookieName_loginAuth, out userId_encry);if (string.IsNullOrEmpty(userId_encry)){throw new Exception("登录失效，userId_encry ");}string desc = AesHelpter.AESDecryptByHex(userId_encry);string userId = desc.Split("#")[0];Authorize_user? user = System.Runtime.Caching.MemoryCache.Default.Get(userId) as Authorize_user;if (user == null){IUserBusiness userBusiness = ServicesHelpter.GetService<IUserBusiness>();long userId2 = long.Parse(userId);user = userBusiness.GetAsync(userId2).Result;//登录成功，缓存用户,缓存12小时System.Runtime.Caching.MemoryCache.Default.Set(userId, user, DateTimeOffset.Now.AddSeconds(43200));}return user;}catch (Exception ex){throw new Exception("获取登录用户异常，", ex);}}}}
}