如何窗体身份验证cookie和Asp.Net会话寿命同步? [英] How to synchronize lifetime of forms authentication cookie and Asp.Net Session?
问题描述
我建立一个使用ASP.NET网站 FormsAuthentication 和具有相似配置的标准的会话机制:
I am building an ASP.NET web site that uses FormsAuthentication and a standard Session mechanism with configuration like:
<authentication mode="Forms">
<forms cookieless="UseCookies" name=".MyAppAuth" loginUrl="~\Login.aspx" timeout="20"/>
</authentication>
...
<sessionState timeout="20" cookieless="UseCookies" />
似乎验证cookie的寿命是不等于该用户会话的生存期。
所以ASP.NET不保证
It seems that the lifetime of an authentication cookie is not equal to the lifetime of the user Session. So ASP.NET doesn't guarantee that
-
会话终止时,用户注销,
Session terminates when user logout,
会话不注销用户之前结束。
Session doesn't terminates before user logout.
有没有一种方法来定制 FormsAuthentication 或\\和会话状态的机制来实现这些目标?
Is there a way to customize FormsAuthentication or\and the Session State mechanism to Reach these goals?
推荐答案
有没有内在机制,因为现实情况是,你想保留用户登录的时间比你想保持周围为他们的会议。此外,会议的目的不是来保证存储,你应该避免在会话数据是任何依赖。
There's no inbuilt mechanism because the reality is you want to keep users logged in for longer than you want to keep their sessions around for. Also, sessions are not meant to be guaranteed storage, and you should avoid any reliance on data being in session.
什么也没有发生在服务器上时,身份验证Cookie过期。有没有跟踪的状态。
Nothing happens on the server when an authentication cookie expires. There is no tracked state.
您可以有一个退出链接,并在处理程序从FormsAuthentication放弃会话和 SignOut ,但没有什么强制用户从网站注销。
You could have a 'logout' link and in the handler Abandon the session and SignOut from FormsAuthentication, but there's nothing that forces a user to log out from a website.
但大多数有人喜欢会话,恨或来恨它,因为它的用途被滥用。主要的原因是用眼过度会议往往是业绩不佳的服务器的原因,和不正确的会话中使用可以创建一个无法扩展的网站。
Some people like Session, however most hate or come to hate it because its use is abused. Main reasons are Session overuse tends to be the cause of poorly performing servers, and incorrect Session use can create websites that won't scale.
避免使用Session,如果你必须使用它,观察MSDN文章的改善ASP.NET性能。也看看理解会话状态模式+ FAQ 尤其问:为什么不解雇Session_End中
Avoid the use of Session if you can, and if you must use it, observe the recommendations in the MSDN article Improving ASP.NET Performance. Also have a look at Understanding session state modes + FAQ and in particular Q: Why isn't Session_End fired?
这篇关于如何窗体身份验证cookie和Asp.Net会话寿命同步?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
