在Session_End中使用的Global.asax.cs窗体身份验证不点火 [英] Session_End in Global.asax.cs not firing using forms authentication

问题描述

我有一个使用窗体身份验证在45分钟为一个超时一个asp.net 4.0应用程序。我想将用户重定向到一个超时页面时，会话已过期。谁能告诉我如何做到这一点？我运行.NET 4.0。

web.config中有：

 ＆LT;身份验证模式=表格＆GT;
  ＆LT;ASPXAUTH形式的名称= loginUrl =〜/的Login.aspx
    defaultUrl =〜/ Default.aspx的保护=所有超时=45
    requireSSL =假＆GT;
  ＆LT; /形式GT;
＆LT; /认证＆GT;
 

的Global.asax.cs文件有：

 无效Session_End中（对象发件人，EventArgs的发送）
{
    的Response.Redirect（〜/ Timeout.aspx）;
}
 

解决方案

它做在 Session_End中方法重定向是不可能的。它没有运行作为一个请求的结果，因此它不具有响应对象并没有回应任何地方重定向。

这是不可能的浏览器会话即将过期的结果做任何事情。 HTTP协议请求导向，所以没有办法从服务器推送的消息到浏览器没有浏览器请求它

浏览器就不能找出是否会话已过期或没有。如果您将轮询服务器以检查会话已过期，它会保持会话活着，击败超时的目的。

您可以只使用客户端脚本后45分钟重定向：

  window.setTimeout（函数（）{
  window.location.href ='/Timeout.aspx';
}，1000 * 45 * 60）;
 

然而，这将使得仅基于时间重定向因为这个浏览器窗口最后接触的服务器。如果您有多个同一个会话的一个浏览器窗口越多，这是可能的，这次会议实际上已经没有超时。

I have an asp.net 4.0 application that is using forms authentication set to a timeout at 45 minutes. I would like to redirect the user to a timeout page when the session has expired. Can anyone tell me how to do this? I am running .net 4.0.

web.config has:

<authentication mode="Forms">
  <forms name=".ASPXAUTH" loginUrl="~/Login.aspx"
    defaultUrl="~/Default.aspx" protection="All" timeout="45"
    requireSSL="false">
  </forms>
</authentication>

Global.asax.cs file has:

void Session_End(object sender, EventArgs e)
{
    Response.Redirect("~/Timeout.aspx");
}  

解决方案

It's not possible to do a redirect in the Session_End method. It's not running as a result of a request, so it doesn't have a Response object and there is no response to redirect anywhere.

It's not possible to do anything in the browser as a result of the session expiring. The HTTP protocol is request oriented, so there is no way to push a message from the server to the browser without the browser asking for it.

The browser just can't find out if the session has expired or not. If you would poll the server to check if the session has expired, it would keep the session alive, defeating the purpose of the timeout.

You can make a redirect after 45 minutes using just client script:

window.setTimeout(function() {
  window.location.href = '/Timeout.aspx';
}, 1000*45*60);

However, this will make the redirect only based on the time since this browser window last contacted the server. If you have more than one browser window for the same session, it's possible that the session has actually not timed out.

这篇关于在Session_End中使用的Global.asax.cs窗体身份验证不点火的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！