在Ajax调用处理会话超时 [英] Handling session timeout in ajax calls
问题描述
我正在使用jquery的asp.net mvc的控制器操作Ajax调用:
I'm making an ajax call using jquery to an asp.net mvc controller action:
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult GetWeek(string startDay)
{
var daysOfWeek = CompanyUtility.GetWeek(User.Company.Id, startDay);
return Json(daysOfWeek);
}
当会话超时,此调用将会失败,因为用户对象存储在会话中。我为了创建一个自定义属性授权检查,如果会话丢失了,并且重定向到登录页面。这工作正常的页面请求,但它并不适用于Ajax请求工作,因为你不能从一个Ajax请求的重定向:
When session times out, this call will fail, as the User object is stored in session. I created a custom authorize attribute in order to check if session was lost and redirect to the login page. This works fine for page requests, however it doesn't work for ajax requests, as you can't redirect from an ajax request:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthorizeUserAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (!httpContext.Request.IsAjaxRequest())
{//validate http request.
if (!httpContext.Request.IsAuthenticated
|| httpContext.Session["User"] == null)
{
FormsAuthentication.SignOut();
httpContext.Response.Redirect("~/?returnurl=" + httpContext.Request.Url.ToString());
return false;
}
}
return true;
}
}
我读了另一个线程,当用户没有通过验证且您进行了Ajax请求,你应该设置状态code至401,然后在JS检查这一点,将其重定向到登录页。但是,我不能得到这个工作:
I read on another thread that when the user isn't authenticated and you make an ajax request, you should set the status code to 401 (unauthorized) and then check for that in js and redirect them to the login page. However, I can't get this working:
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (Request.IsAjaxRequest() && (!Request.IsAuthenticated || User == null))
{
filterContext.RequestContext.HttpContext.Response.StatusCode = 401;
}
else
{
base.OnActionExecuting(filterContext);
}
}
基本上,这将其设置为401,但随后它会持续到控制器动作,并抛出不设置到对象错误,然后返回500错误返回给客户端JS的实例对象参考。如果我改变我的自定义属性授权验证Ajax请求,以及对那些未认证返回false,这使得Ajax请求返回我的登录页面,这显然是行不通的。
Basically, it'll set it to 401, but then it'll continue into the controller action and throw an object ref not set to an instance of an object error, which then returns error 500 back to the client-side js. If I change my custom Authorize attribute to validate ajax requests as well and return false for those that aren't authenticated, that makes the ajax request return my login page, which obviously doesn't work.
我如何得到这个工作?
推荐答案
您可以编写一个自定义的 [授权] 属性,该属性将返回,而不是抛出一个401异常JSON未经授权的访问将允许客户端脚本来妥善地处理方案的情况下:
You could write a custom [Authorize] attribute which would return JSON instead of throwing a 401 exception in case of unauthorized access which would allow client scripts to handle the scenario gracefully:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsAjaxRequest())
{
filterContext.Result = new JsonResult
{
Data = new
{
// put whatever data you want which will be sent
// to the client
message = "sorry, but you were logged out"
},
JsonRequestBehavior = JsonRequestBehavior.AllowGet
};
}
else
{
base.HandleUnauthorizedRequest(filterContext);
}
}
}
再装点您的控制器/与它和客户端上的操作:
then decorate your controller/actions with it and on the client:
$.get('@Url.Action("SomeAction")', function (result) {
if (result.message) {
alert(result.message);
} else {
// do whatever you were doing before with the results
}
});
这篇关于在Ajax调用处理会话超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
