Session timeout weirdness
I have a main site where people log in. This is IIS and the standard session timeout of 20 minutes.
There is a live chat facility which appears in a popup window in the same domain. There's no https involved.
Despite the fact that the chat window makes Ajax calls to the server every few seconds (and always gets at least one piece of data back) and also sends data to the server via Ajax whenever the logged-in user posts a message, they are timed out after 20 minutes as if nothing was happening.
Any ideas why this should happen and how to stop it, as it's obviously irrational that they are logged out of the site while actively communicating with the server.
What I've decided to do is use a cookie rather than the site's session variable to check if they're logged in. As this is a chat app, they get an hour when they first open the chat page.
And every time they post a message it gets reset to an hour later.
That way posters stay logged in and lurkers get bumped off.
On load:
On post a message:
Sounds like you're using Forms Authentication and that the authentication cookie is expiring as well.
Each time a request is sent to the application and the current session is still valid the session timeout will be renewed.
Forms Authentication can work in two ways. You can keep a user logged in for a fixed amount of time or use a sliding expiration. For example:
The above sets the forms authentication timeout to 15 minutes but also enables the sliding expiration (slidingExpiration="true"). Provided a user revisits the site within 15 minutes the cookie lifetime will be extended and the user will stay authenticated. If slidingExpiration="false" then a user will be kicked off after 15 minutes regardless of when they last accessed the site. It's also a good idea to have the Forms Authentication cookie expire slightly earlier than the Session timeout. This means users get kicked off before encountering null Session data if it's the other way around.
Are you actually sending any cookie information with your AJAX requests?
If the AJAX requests don't contain the Session ID that is placed in a cookie by ASP then the requests will not maintain the session regardless of how frequent they are.
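A small model of the two timers discussed in the answers above, added here as an illustration (it is not code from any of the posters and not ASP.NET itself). It assumes a 20-minute session idle timeout and a 15-minute forms ticket, and goes slightly beyond the thread by including ASP.NET's documented rule that a sliding ticket is only reissued once more than half of its lifetime has elapsed; the function name, parameters and request timelines are constructed for the example.

```javascript
// Model (not ASP.NET code): when is a user logged out, in minutes since login?
// requestTimes : minutes at which the chat window calls the server
// sliding      : models slidingExpiration="true" / "false"
// sendsCookies : false models Ajax calls that arrive without the session/auth cookie
// formsTimeout : Infinity models a site that relies on the session only
function simulate({ requestTimes, sliding, sendsCookies = true,
                    formsTimeout = 15, sessionTimeout = 20 }) {
  let issued = 0;
  let ticketExpires = formsTimeout;    // forms authentication ticket
  let sessionExpires = sessionTimeout; // session idle timer
  for (const t of [...requestTimes].sort((a, b) => a - b)) {
    if (t >= Math.min(ticketExpires, sessionExpires)) break; // already logged out
    if (!sendsCookies) continue;  // server cannot tie the request to this user
    sessionExpires = t + sessionTimeout; // every valid request renews the session
    // Sliding ticket: reissued only when its age exceeds its remaining lifetime.
    if (sliding && t - issued > ticketExpires - t) {
      issued = t;
      ticketExpires = t + formsTimeout;
    }
  }
  return ticketExpires <= sessionExpires
    ? { loggedOutAt: ticketExpires, reason: "forms ticket expired" }
    : { loggedOutAt: sessionExpires, reason: "session expired" };
}

// Constructed timeline: the chat window polls once a minute for an hour.
const polling = Array.from({ length: 61 }, (_, i) => i);

function scenarios() {
  return {
    slidingOn: simulate({ requestTimes: polling, sliding: true }),
    slidingOff: simulate({ requestTimes: polling, sliding: false }),
    // Session-only site whose Ajax calls carry no cookie: polling changes nothing.
    noCookies: simulate({ requestTimes: polling, sliding: true,
                          sendsCookies: false, formsTimeout: Infinity }),
    // A single request at minute 7 is before the ticket's half-life: no renewal.
    earlyOnly: simulate({ requestTimes: [7], sliding: true }),
  };
}

console.log(scenarios());
```

With sliding expiration on, the polled user is logged out at minute 71, only 11 minutes after the last request, because the ticket was last reissued at minute 56.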