C# asp.net forms-authentication session-timeout

Global.asax.cs 中的 Session_End 未使用表单身份验证触发

发布于 2024-10-07 23:21:52 字数 509 浏览 2 评论 0原文

我有一个使用表单身份验证的 asp.net 4.0 应用程序，超时设置为 45 分钟。我想在会话过期时将用户重定向到超时页面。谁能告诉我该怎么做？我正在运行.net 4.0。

web.config 有：

<authentication mode="Forms">
  <forms name=".ASPXAUTH" loginUrl="~/Login.aspx"
    defaultUrl="~/Default.aspx" protection="All" timeout="45"
    requireSSL="false">
  </forms>
</authentication>

Global.asax.cs 文件有：

void Session_End(object sender, EventArgs e)
{
    Response.Redirect("~/Timeout.aspx");
}

原文

I have an asp.net 4.0 application that is using forms authentication set to a timeout at 45 minutes. I would like to redirect the user to a timeout page when the session has expired. Can anyone tell me how to do this? I am running .net 4.0.

web.config has:

<authentication mode="Forms">
  <forms name=".ASPXAUTH" loginUrl="~/Login.aspx"
    defaultUrl="~/Default.aspx" protection="All" timeout="45"
    requireSSL="false">
  </forms>
</authentication>

Global.asax.cs file has:

void Session_End(object sender, EventArgs e)
{
    Response.Redirect("~/Timeout.aspx");
}

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

紫竹語嫣☆ 2024-10-14 23:21:52

无法在 Session_End 方法中进行重定向。它不是作为请求的结果而运行，因此它没有 Response 对象，并且没有可重定向到任何地方的响应。

由于会话过期，无法在浏览器中执行任何操作。 HTTP 协议是面向请求的，因此如果浏览器没有请求，就无法将消息从服务器推送到浏览器。

浏览器只是无法确定会话是否已过期。如果您轮询服务器以检查会话是否已过期，它将使会话保持活动状态，从而违背了超时的目的。

您可以仅使用客户端脚本在 45 分钟后进行重定向：

window.setTimeout(function() {
  window.location.href = '/Timeout.aspx';
}, 1000*45*60);

但是，这将仅根据此浏览器窗口上次联系服务器以来的时间进行重定向。如果同一会话有多个浏览器窗口，则该会话可能实际上并未超时。

It's not possible to do a redirect in the Session_End method. It's not running as a result of a request, so it doesn't have a Response object and there is no response to redirect anywhere.

It's not possible to do anything in the browser as a result of the session expiring. The HTTP protocol is request oriented, so there is no way to push a message from the server to the browser without the browser asking for it.

The browser just can't find out if the session has expired or not. If you would poll the server to check if the session has expired, it would keep the session alive, defeating the purpose of the timeout.

You can make a redirect after 45 minutes using just client script:

window.setTimeout(function() {
  window.location.href = '/Timeout.aspx';
}, 1000*45*60);

However, this will make the redirect only based on the time since this browser window last contacted the server. If you have more than one browser window for the same session, it's possible that the session has actually not timed out.

回复收藏 0 原文

姐不稀罕 2024-10-14 23:21:52

你的会话状态是如何实现的？ Session_End 仅在您使用 InProc 时才有效。

请参阅http://www.eggheadcafe.com/articles/20021016.asp

回复收藏 0 原文

書生途 2024-10-14 23:21:52

在 MVC 上，您可以在 _ViewStart.cshtml _ViewStart.cshtml 中添加以下代码

：

@{
     Response.AddHeader("Refresh",Convert.ToString((Session.Timeout * 60) + 5));      

     if(Session.IsNewSession)  
         Response.Redirect(“Logout.aspx");// or another page which you want.
}

如何在会话结束时重定向

On MVC you can adding this code in _ViewStart.cshtml

_ViewStart.cshtml:

@{
     Response.AddHeader("Refresh",Convert.ToString((Session.Timeout * 60) + 5));      

     if(Session.IsNewSession)  
         Response.Redirect(“Logout.aspx");// or another page which you want.
}

How to Redirect on Session End

回复收藏 0 原文

~没有更多了~