What sessionid/cookie information does asmx expect in the header?

问题

I'm saving http header cookie/sessionid information when calling a login webmethod so I can send it back on subsequent webmethod calls secured by formsauthentication. I think I just need to know the proper header values to save so and send them back.

I'm calling these services from an android app using ksoap2.

When I step through the code when calling login. I see two Set-Cookie header items:

Set-Cookie
ASP.NET_SessionId=wblzzrtfmli4blku2dslw5iw; path=/; HttpOnly

Set-Cookie
.ASPXAUTH=8264E023428DA853BB163504C0D375D792FC631BB873F04D196E04BAEDE7F7BB39BB5C840D0CD0613A0DD58B2456F12EE21F212D93457F3D6BC2FC343C6AE1E3DD97473B055B36379D178FE6C412EFF61CFCE7FACAF43EEAE85C46B5123CB97C3AFF156F54921993F4A2B85BEE239EAFB05AFFF58FBDA3B7EBDC59B5E0A614D8CC086B5C7DF3A884DE95DBE05F6A138DB97241666870AAF9320EDD; path=/; HttpOnly

As I understand from the documentation here and the answer here, I have to return the Set-Cookie value to the subsequent webmethods using Cookie. But as you can see above I'm getting TWO Set-Cookie header items. So which one do I send back and can I send them back as-is or do I need to strip out the .ASPXAUTH= portion or anything else?

回答1:

I was able to get the answer by sniffing out what the Set-Cookie header looked like when I called secured services from JQuery Ajax within my web application.

Basically I concatenated BOTH Set-Cookie values using a semicolon "; ".

On the login I saved it like this:

StringBuilder cookieBuilder = new StringBuilder();

int intCookieValueCount = 0;
for (Object header : headerList) {
    HeaderProperty headerProperty = (HeaderProperty) header;
    String headerKey = headerProperty.getKey();
    String headerValue = headerProperty.getValue();

    if(headerKey != null){
        if(headerKey.equals("Set-Cookie"))
        {
            if(intCookieValueCount!=0){
                cookieBuilder.append("; ");
            }                   
            cookieBuilder.append(headerValue);
            intCookieValueCount++;
        }                   
    }
}

AppSettings.setSessionCookie(cookieBuilder.toString());

And on subsequent calls:

HeaderProperty headerPropertyObj = new HeaderProperty("Cookie", AppSettings.getSessionCookie());
@SuppressWarnings("rawtypes")
List headerList = new ArrayList();

headerList.add(headerPropertyObj);

androidHttpTransport.call(SOAP_ACTION, envelope, headerList); 

来源：https://stackoverflow.com/questions/13897370/what-sessionid-cookie-information-does-asmx-expect-in-the-header