会话过期且用户不再有效
我在会话中缓存有关当前登录用户的信息。每当使用我的全局应用程序类上的 CurrentUser 属性时,都会延迟加载此信息。它通过在我的 MembershipProvider 的自定义实现上调用 GetUser() 来完成此操作,该实现要么从会话加载用户,要么从数据库加载用户并将用户对象抛出到会话中。
我应该如何处理这种情况?
- 用户登录。
- 管理员删除用户(或停用......重点是 他们无法再登录)。
- 用户的会话过期。
- 用户导航到页面或发出请求,等等。
目前,如果发生这种情况,就会到处抛出 NullReferenceExceptions,因为 ASP .NET 框架调用 GetUser(),它不会返回任何内容,因为它无法在数据库中找到用户(并且会话中没有任何内容,因为它已过期)。
I cache information about the currently logged in user in the session. This info lazy loads whenever a CurrentUser property on my global application class is used. It does this by calling GetUser() on my custom implementation of MembershipProvider, which either loads the user up from the session, or loads the user from the DB and throws the user object in the session.
How should I handle this scenario?
- User logs in.
- Administrator deletes user (or deactivates...the point is
they can't log in any more). - User's session expires.
- User navigates to a page or makes a request, or whatever.
Currently if this scenario occurs, NullReferenceExceptions are thrown all over the place, because the ASP .NET framework calls GetUser() which returns nothing because it can't find the user in the database (and there's nothing in the session because it expired).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您的应用认为用户已登录但无法找到该用户,一种选择可能是使用
FormsAuthentication.SignOut()让 ASP.NET 忘记该用户。然后他们应该被踢回到登录屏幕或匿名模式。If your app thinks a user is signed in but the user cannot be found, one option might be to use
FormsAuthentication.SignOut()to make ASP.NET forget about the user. They should then be kicked back to the login screen or anonymous mode.如果要返回 null,请从 GetUser() 引发异常。然后,您可以让 Application_Error 事件捕获该特定异常并重定向到您的登录页面。
Throw an exception from GetUser() if you're going to return null. Then you can have the Application_Error event trap that specific exception and redirect to your login page.