FormsAuthentication.SignOut 抛出 NullReferenceException
这个问题似乎与这个 帖子,但我无法从线程中推断出解决方案。
我在我继承的应用程序中注意到了这段代码(在日志文件中注意到异常被吃掉之后):
protected void Session_End(object sender, EventArgs e)
{
try
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
//if (this.Context.Handler is IRequiresSessionState || this.Context.Handler is IReadOnlySessionState)
//{
// FormsAuthentication.SignOut();
// FormsAuthentication.RedirectToLoginPage();
//}
}
catch (Exception ex)
{
this.GetType().GetLogger().Error(ex);
}
}
我想知道一些事情。首先,SignOut是如何抛出空引用异常的?这是一个例外情况,还是我在程序中做了一些本质上错误的事情?接下来,我应该测试什么来阻止这个异常抛出?
15:51:57,288 [13] 错误 ASP.global_asax - System.NullReferenceException:未将对象引用设置为对象的实例。 在 System.Web.Security.FormsAuthentication.SignOut() 在MvcApplication.Session_End
谢谢
This problem seems related to this post, but I was not able to infer a solution from the thread.
I noticed this code in an application I inherited (after noting in a log file that an exception was being eaten):
protected void Session_End(object sender, EventArgs e)
{
try
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
//if (this.Context.Handler is IRequiresSessionState || this.Context.Handler is IReadOnlySessionState)
//{
// FormsAuthentication.SignOut();
// FormsAuthentication.RedirectToLoginPage();
//}
}
catch (Exception ex)
{
this.GetType().GetLogger().Error(ex);
}
}
I am wondering a few things. First, how is SignOut throwing a null reference exception? Is it an exceptional case, or am I doing something inherently wrong in my program? Next, what should I be testing against to head-off this exception before it is thrown?
15:51:57,288 [13] ERROR ASP.global_asax - System.NullReferenceException: Object reference not set to an instance of an object.
at System.Web.Security.FormsAuthentication.SignOut()
at MvcApplication.Session_End
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
重要的是要认识到
Session_End不一定在 HTTP 请求的上下文中执行。当会话超时时它可能会运行。那时您无法向客户端发送任何内容,因为它根本不存在了!因此,您不应尝试删除
Session_End中的表单身份验证 cookie。如果您愿意,您应该在单击应用程序中某处的“注销”按钮时尽快执行此操作。如果您需要用户的表单身份验证票证在发生超时后过期,则只需在配置文件中适当设置 cookie 过期时间(可能相当于会话超时值)即可。It's important to realize that
Session_Enddoesn't get necessarily executed in the the context of an HTTP request. It may run when a session times out. You cannot send anything to the client at that time, because it simply isn't there anymore!Consequently, you should not try to delete the forms authentication cookie in
Session_End. If you want, you should do that sooner, when a "Sign Off" button is clicked somewhere in your application. If you need a user's forms authentication ticket to expire after a timeout occures, you should simply set the cookie expiration time appropriately (possibly equivalent to session timeout value) in the config file.