如何在ASP.NET中在5分钟内超时会话 [英] How to timeout session in 5 minutes in ASP.NET

问题描述

在Asp.net会话中，超时基于滑动到期

这意味着如果我将sessionTimout设置为5分钟并且用户访问会话

会话将在3分钟后再次退出到5分钟。每次会话

都会被记录，它会重新设定时间。



如何避免上述情况并在5分钟内直接杀死会话，无论

中间访问它的次数。



我尝试过：



我尝试在登录页面登录后设置计时器和OnTimeElaspsed

事件我试图杀死会话但会话无法在该事件中使用

当页面生命周期结束时。

In Asp.net session timeout is based on sliding expiration
It means if I set sessionTimout to 5 minutes and user access session
after 3 minutes session will receed again to 5 minutes. Each time session
is acccessed it ressets time.

How to avoid above situtation and kill session straight in 5 mins irrespective
of how many times it is accessed in between.

What I have tried:

I tried to set timer after login in login page and OnTimeElaspsed
event I tried to kill session but session is not availble in that event
as page life cycle gets over by that time.

System.Timers.Timer aTimer = new System.Timers.Timer(10000) { AutoReset = false };
aTimer.Elapsed += new ElapsedEventHandler(OnTimedEvent);
aTimer.Enabled = true;

private static void OnTimedEvent(object source, ElapsedEventArgs e)
{
	HttpContext.Current.Session.Abandon();
}

推荐答案

将这些事件添加到您的global.asax文件中

Add these events to your global.asax file

void Session_Start(object sender, EventArgs e)
{
    Session["SessionExpiry"] = DateTime.Now.AddMinutes(5);
}

void Application_AcquireRequestState(object sender, EventArgs e)
{
    try
    {
        DateTime expiry = (DateTime)base.Context.Session["SessionExpiry"];

        if (expiry <= DateTime.Now)
        {
            Session.Abandon();

            // the abandoned session won't kick in until the next page request.
            // here I am redirecting back to the current page, but you may want to do something else
            // like redirect to a "Session Expired" page.
            Response.Redirect(Request.RawUrl);
            base.Context.ApplicationInstance.CompleteRequest();
        }
    }
    catch
    {
    }
}

Google搜索为您提供了许多有用的答案：设置asp.net会话超时 - Google搜索 [ ^ ]



喜欢这个： ASP.NET中的会话超时 - 堆栈溢出 [ ^ ]



[edit]所以你想要用户登录并且只有固定的时间段会议结束前的时间。一段时间后没有因为不活动而超时（你称之为滑动窗口）。



定时器不是解决方案。



如果您拥有一个拥有数千名活跃用户的成功网站怎么办？ （例如：CodeStject在我写这篇文章的时候有超过30,000个活跃用户）。首先想到的是你会很快耗尽内存。



我会在缓存的Session值上设置超时。会话状态的大小取决于您使用的策略，因此您可以避免内存异常。



然后您可以：

1.在回发上检查是否存在值;

2.定期从页面开始，对值进行Ajax检查。



如果值已经过去，那么会议已经过期了。现在你可以让用户知道他们的会话结束了。



希望这有帮助...

Google Search has many great answers for you: setting asp.net session timeout - Google Search[^]

Like this one: Session timeout in ASP.NET - Stack Overflow[^]

[edit] So you want the user to sign in and only have a fixed period of time before the session is closed. Not time out due to inactivity after a period of time (what you call sliding window).

Timer is not the solution.

What if you had a successful website with thousands of active users? (eg: CodeProject has over 30,000 active users at the time I am writing this). The first thing that comes to mind is that you will run out of memory very quickly.

I would set a timeout on a cached Session value. Session states scale dependent on the strategy that you use, so you can avoid memory exceptions.

Then you can:
1. on postback check for the existence of the value;
2. periodically from the page, do an Ajax check for the value.

If the value is gone, then the session has expired. Now you can let the user know their session is over.

Hope this helps...

这篇关于如何在ASP.NET中在5分钟内超时会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！