如何在母版页或 global.asax 中启动时检查会话
我是 ASP.NET 表单身份验证和会话的新手,
我想知道如何在母版页或 global.asax 中保存会话 以及如何清除会话
如何通过重定向到页面来更好地处理会话超时
这是我的母版页中的 web.config 会话设置
<sessionState mode="InProc" cookieless="false" timeout="1"></sessionState>
代码
if (Request.Url.AbsolutePath.EndsWith("SessionExpired.aspx", StringComparison.InvariantCultureIgnoreCase))
{
HtmlMeta meta = new HtmlMeta();
meta.HttpEquiv = "Refresh";
meta.Content = "7; URL=./Login.aspx";
Page.Header.Controls.Add(meta);
}
else
HttpContext.Current.Response.AppendHeader("Refresh", Convert.ToString((Session.Timeout * 60)) + "; Url=./Public/SessionExpired.aspx");
i am new in asp.net form authentication and sessions
i would like to know how to save session in masterpage or in global.asax
and how to clear session
how to better handle session timeout by redirecting to a page
this is my web.config session settings
<sessionState mode="InProc" cookieless="false" timeout="1"></sessionState>
code in my masterpage
if (Request.Url.AbsolutePath.EndsWith("SessionExpired.aspx", StringComparison.InvariantCultureIgnoreCase))
{
HtmlMeta meta = new HtmlMeta();
meta.HttpEquiv = "Refresh";
meta.Content = "7; URL=./Login.aspx";
Page.Header.Controls.Add(meta);
}
else
HttpContext.Current.Response.AppendHeader("Refresh", Convert.ToString((Session.Timeout * 60)) + "; Url=./Public/SessionExpired.aspx");
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
因此,您的策略对我来说看起来不错,但我更喜欢不同的实现:
IsRefreshHeaderNeeded- 默认实现将返回 true。该方法将在 BasePage 的 PreRender 阶段调用,以添加实际的刷新标头作为响应。IsRefreshHeaderNeeded将被覆盖以返回 false。 (在诸如登录或不需要会话支持的页面等页面中可能需要类似的操作)。母版页是一个内容模板,我更喜欢在母版页中仅包含与该内容相关的逻辑。
另一种策略是不使用客户端刷新来处理会话过期,而是当您指示用户返回站点时当前会话已过期时,从服务器端进行刷新。进一步扩展,您甚至可以实现将关键会话数据保存到数据库中,以便您可以重建会话,并且从用户体验的角度来看,不会有会话过期。
As such, your strategy looks OK to me but I would have preferred a different implementation:
IsRefreshHeaderNeeded- the default implementation will return true. The method will be invoked in PreRender stage of BasePage to add actual refresh header in response.IsRefreshHeaderNeededwill be overridden to return false. (Similar can be needed in pages such as login or pages that don't need session support).Master page is a content template and I prefer to have only logic related that that content within the master page.
Yet another strategy is not to use client side refresh for session expiry but rather do it from server side when you dictates that current session has expired when user visits the site back. Extending further, you may even have implementation that save critical session data into database so that you can reconstruct the session and from user experience perspective, there will be no session expiry.
来手动清除会话
您可以通过调用“关于会话过期” :
在某处执行此代码(如 VinayC 建议的 MasterPage 或在从 System.Web.UI.Page 派生的类中执行,该类充当所有内容页面的基类(这意味着在所有代码隐藏中更改从 System.Web.UI.Page 的派生)文件从 aspx 页面到自定义类的派生中)
You can clear a session manually by calling
About the session expiration:
Execute this code somewhere (like VinayC suggested, MasterPage or in a class derived from System.Web.UI.Page that serves as a baseclass for all your content pages (meaning change the derivation from System.Web.UI.Page in all you codebehind files from the aspx pages into the derivation of your custom class)