ASP.NET:如何检测验证超时 [英] ASP.NET: How to Detect Authentication Timeout
问题描述
我见过像这一解释如何检测该用户的会话超时。并为清晰起见,这些文章都提到这个web.config行定义的超时值:
I've seen multiple articles like this one that explain how to detect that a user's session has timed out. And for clarity's sake, these articles are referring to the timeout value defined by this web.config line:
<sessionState mode="InProc" cookieless="UseDeviceProfile" timeout="120" />
不要进入该方法太多,但是这涉及到检查Session.IsNewSession是真实的,一个会话cookie已经存在。但是,我还没有看到关于如何检测到任何物品的验证的超时 - 此web.config行定义的:
Not to get into that method too much, but this involves checking that Session.IsNewSession is true and that a session cookie already exists. But I haven't seen any articles on how to detect authentication timeout -- the one defined by this web.config line:
<authentication mode="Forms">
<forms loginUrl="~/Home/Customer" timeout="60" name=".ASPXAUTH" requireSSL="false" slidingExpiration="true" defaultUrl="~/Home/Index" cookieless="UseDeviceProfile" enableCrossAppRedirects="false"/>
</authentication>
多篇文章在网上,其中包括<一个href=\"http://stackoverflow.com/questions/1470777/forms-authentication-timeout-vs-session-timeout\">this SO 后,纷纷表示,会话超时值一般应加倍您的身份验证超时值。所以,现在,如上所述,我的会话是120,我的身份是60.这意味着我永远不会在会话超时的情况下得到的,但用户通过身份认证;如果用户曾经超时,它会因身份验证,而不是会话。
Multiple articles online, including this SO post, have said that your Session timeout value should generally be double your Authentication timeout value. So right now, as above, my Session is 120 and my Authentication is 60. This means that I'll never get in a situation where the Session has timed out, but the user is still Authenticated; if the user ever times out, it will be due to Authentication, not Session.
所以,像其他人一样,我感兴趣的是如何向用户报告,他们的会话超时(但实际上它会因身份验证超时)。有谁知道的一种方式来做到这一点,或任何资源网上,可以指向我一个解决方案吗?
So, like everyone else, I'm interested in how to report to the user that their session has timed out (but really it'll be due to the Authentication timeout). Does anyone know of a way to accomplish this, or any resources online that can point me to a solution?
推荐答案
当您登录用户,你可以删除该用户的计算机,表明他们有一个会议的cookie。当用户到达登录页面(因为如果他们的会话过期,他们的登录也必须有),检查用户是否有该cookie,如果他们有任何你希望他们有(如果这证明困难的会话密钥,只需设置一个会话变量,当他们登录)。如果他们有饼干,但会话密钥没有,那么他们的会话过期。
When you log the user, you could drop a cookie on the user's machine indicating that they had a session. When the user reaches the login page (because if their session expired, their login must also have), check to see if the user has that cookie and if they have any of the session keys you expect them to have (if this proves difficult, just set a session variable when they log in). if they have the cookie, but none of the session keys, then their session expired.
这篇关于ASP.NET:如何检测验证超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
