如何在MVC 5 / C中实现假会话超时# [英] How to implement fake session time out in MVC 5 / C#
问题描述
大家好,
美好的一天!
我想询问如何如果30分钟过去没有用户干预,如鼠标点击或键盘按下,则实施假会话超时。我现有的应用程序总是刷新,只是为了检查数据库表中的状态标志。因此,由于页面的不断刷新,常规会话超时无效。现在,我想在每两秒内忽略页面刷新或页面重新加载,如果没有来自鼠标或键盘的干预,则执行会话超时。可能吗?如果是,即使页面总是重新加载,我将执行会话超时的最佳或示例代码是什么。一旦执行会话超时,页面将被重定向到登录页面。
非常感谢。
以下是我在webconfig中的示例代码
我尝试了什么:
Hi to all,
Good day!
I would like to ask on how to implement fake session timeout if 30 minutes passed without intervention from the user like mouse click or keyboard press. My existing application is always refreshing just to check the status flag from database table. Because of this, the regular session timeout is not working because of the constant refreshing of the page. Now, I would like to ignore the page refreshing or page reloading in every two seconds and execute the session timeout if no intervention coming from the mouse or keyboard. is it possible? If yes, what would be the best or sample code that I gonna do to execute the session timeout even the page is always reloading. Once the session timeout is executed, the page will be re-directed to log-in page.
Thank you very much.
Below is my sample code in webconfig
What I have tried:
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="ActiveDirectoryDomainList" value="Domain_1;Domain_2" />
<add key="IActiveDirectoryAdapter" value="ExternalSystems.ActiveDirectoryMockAdapter, ExternalSystems" />
<add key="MemberFilter" value="Filter1,Filter2" />
<add key="SessionTimeOut" value="30" />
<add key="SqlCommandTimeOut" value="120" />
</appSettings>
下面是我的SecurityController.cs
Below is my SecurityController.cs
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogIn(LogInModel model)
{
if (!ModelState.IsValid)
{
return View(model);
}
model.IPAddress = Request.UserHostAddress;
model.SessionId = HttpContext.Session.SessionID;
model = SecurityBL.LogInUser(model);
if (model.ErrorList.Any())
{
ViewBag.Message = model.ErrorList.First().ErrorMessage;
return View(model);
}
FormsAuthentication.SetAuthCookie(model.UserName, false);
SessionManager.LastLogin = DateTime.Now.ToString();
SessionManager.EmployeeGroup = model.EmployeeGroup;
SessionManager.UserID = model.UserID;
Session.Timeout = Convert.ToInt32(model.SessionTimeout);
switch (model.EmployeeGroup)
{
case Constants.AccountingGroup:
return RedirectToAction("UserDashBoard", "AccountDashBoard");
case Constants.AdminGroup:
return RedirectToAction("AdminDashBoard", "AccountDashBoard");
default:
break;
}
return RedirectToAction("LogIn", "Security", new { info = "Identity not valid!" });
}
推荐答案
如何重新思考你的逻辑?在休眠期间,在系统中保留一个内部计时器。如果它达到一定的时间 - 关闭你的应用程序,然后让现有的超时负责其余的(尽管你的过程延迟)。
这个这是一个干净的方法,因为你不依赖于任何潜在的安全危害代码。
潜在的缺陷:你的应用程序正在运行,但没有使用。同时,用户正在积极地使用工作站。你让你的申请时间出来了吗?为此,你可能需要挂钩系统,有点让你回到整圆。
所以 - 结合这两个想法:你的应用程序停止它自动刷新如果否则休眠一段时间 - 然后,如果使用其他应用程序,它将不会因不活动而关闭;同时,如果没有人做任何事情,系统可能会因不活动而关闭
How about rethinking your logic? Keep an internal timer in your system for the dormant period. If it reaches a certain amount of time - the shut down your application and then let the existing timeout take care of the rest (albeit delayed by your process).
This is a clean method in that you don't rely on any potentially security-compromising code.
Potential flaw: you application is running, but not in use. Meanwhile, the user is actively working with the workstation. Do you let your application time itself out? For this, you may need to hook into the system, somewhat bringing you back full-circle.
So - combining these two ideas: you application stops it automatic refresh if otherwise dormant for some period of time - then, it will not shut down from inactivity if other applications in use; meanwhile, the system can shutdown from inactivity if noone's doing anything
这篇关于如何在MVC 5 / C中实现假会话超时#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
