为当用户会话过期重定向到一个页面最佳实践 [英] Best practice for redirecting to a page when the user session expires

问题描述

我从<一个尝试的事情href=\"http://stackoverflow.com/questions/140329/how-can-i-redirect-to-a-page-when-the-user-session-expires\">this SO质疑。但它并没有帮助我。所有的答案似乎不工作。我不想检查会话是否为空或不是，然后重定向到其他页面的每一个方法。我试图在Session_End中事件重定向，但是它不工作，因为它不具有与它相关联的HTTP上下文

I have tried things from this SO question. But it didn't help me. All answers seem not working. I don't want to check whether Session is null or not and redirect to other page in every method. I tried to redirect in Session_end event, but it is not working because it does not have an HTTP context associated with it.

那么，什么是最好的做法？

So, what is the best practice?

感谢。

推荐答案

最佳做法是不是在这样的情况下重定向。

Best practice is not to redirect in a case like this.

假设你是一个网站上的用户，你想去 http://example.net/theInterestingBit 。

Let's say you are a user on a website, and you want to go to http://example.net/theInterestingBit.

现在让我们假设你的会话已过期。

Now let's imagine your session has expired.

是你想要什么，你会去 / theInterestingBit 如果您的会话还活着，否则你会去 / someLoginPage 成功？很可能不会。

Was what you wanted that you would go to /theInterestingBit if your session was alive, but otherwise you would go to /someLoginPage "successfully"? Probably not.

你所想要的是去 / theInterestingBit 并没有在意会话，因为这件事情对于程序员担心不是你。那你没有这样做是不是一个成功的条件，这是一个错误。

What you wanted was to go to /theInterestingBit and not care about "sessions" because that's something for programmers to worry about not you. That you failed to do so isn't a success condition, it's an error condition.

所以，不要重定向，而是使用 HttpServerUtility.Transfer 或 HttpContext.RewritePath ，以便用户还行到 / theInterestingBit 而是成为一个登录页面或其他适当的手段来启动一个新的会话。确保响应使用的403状态 - code，所以它适当地指出作为一个错误页面，而不是一个成功的回应。

So don't redirect, instead use HttpServerUtility.Transfer or HttpContext.RewritePath so that the user still goes to /theInterestingBit but that becomes a login page or other appropriate means to start a new session. Make sure the response uses a status-code of 403 so it's appropriately noted as an error page, rather than a "successful" response.

做到这一点无论是在Global.asax的或 IHttpModule的的实现，以响应 PostAcquireRequestState 事件（因为那是适当的会话后触发事件 - 或缺乏 - 已设置）。你也可以在的BeginRequest 的处理程序做，如果你已经做的事情反正有。 Global.asax中更容易迅速增加，但是模块更容易重复使用或设置为应用程序的某些部分，而不是其他工作。

Do this in either global.asax or in an implementation of IHttpModule, in response to the PostAcquireRequestState event (because that is the event that fires after the appropriate session - or lack thereof - has been set). You could also do it in a handler for BeginRequest if you were already doing something there anyway. global.asax is easier to add in quickly, but modules are more easily re-used or set to work for certain sections of an application and not others.

这篇关于为当用户会话过期重定向到一个页面最佳实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！