ASP.Net session state with long-lived persistent authentication cookies
I have a requirement to persist the Persistent auth cookies for a long period (1 month).
I am also using quite a few session variables. Now I cannot set the session timeout to that long (it will kill the server). It is currently set to 30 mins.
Suppose the user keeps their browser window open for a day, the auth cookie won't expire but the session would. And the application won't function.
So any suggestion, workarounds or useful links for this problem?
Comments (1)
Persisting the authentication cookie is easy, and independent of the Session state:
The timeout is set in minutes, so:
The session stuff is a bit trickier, but workable.
You really need to look at what you're actually storing in session, and whether you really need all of it all of the time. As session variables are stored on the server, to have them persist across application restarts (which defaults to 20 minutes after the last activity on the site, or 29 hours since the last app restart, and other exceptional cases) you're going to have to look at using something other than InProc sessions - either using a session server, or SqlSessions.
However, it might be that you can do something with profiles as well, so store the least used variables in a profile store, and only retrieve them when you really need to.
Otherwise, you'd want to look at ways you could rebuild the session state when a user comes back - so store some sort of known token in a persistent cookie that enables you to pick up where you left off - however the easiest way to do that is to take their username from the authentication system, and store the details in a database...
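
An added example, not part of the answer above: one way to rebuild session state in `Session_Start` from the authenticated username once the 30-minute session has expired but the forms-authentication cookie is still valid. `IUserStateStore`, `UserState`, the `Store` field and the session key names are hypothetical; back the store with your own database table.

```csharp
// Global.asax.cs (added example; IUserStateStore, UserState and key names are hypothetical)
using System;
using System.Web;

public class UserState            // hypothetical shape of the per-user data
{
    public string DisplayName { get; set; }
    public int LastViewedOrderId { get; set; }
}

public interface IUserStateStore  // hypothetical: implement against your database
{
    UserState Load(string userName);   // returns null when nothing is stored
}

public class Global : HttpApplication
{
    // Assumption: assigned once at startup, e.g. in Application_Start.
    public static IUserStateStore Store;

    // Raised whenever a new session is created, which includes the first
    // request after the session timed out while the auth cookie still holds.
    protected void Session_Start(object sender, EventArgs e)
    {
        // The lookup key is the identity taken from the validated
        // forms-authentication ticket. No user id is read from a separate,
        // client-editable cookie or query string.
        if (!Request.IsAuthenticated || Store == null)
        {
            return;
        }

        UserState state = Store.Load(User.Identity.Name);
        if (state == null)
        {
            return;   // nothing stored for this user: start with an empty session
        }

        // Restore only what the pages need on every request; load rarely
        // used values from the database on demand instead.
        Session["DisplayName"] = state.DisplayName;
        Session["LastViewedOrderId"] = state.LastViewedOrderId;
    }
}
```

Pages that change these values should write them back to the same store, so the next rebuilt session starts from current data.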