当尝试注销，所提供的防伪标记是为那些用户QUOT; XXXX＆QUOT;但是当前用户是＆QUOT;＆QUOT; [英] When attempt logoff, The provided anti-forgery token was meant for user "XXXX", but the current user is ""

问题描述

我有一个MVC 4应用程序，有问题的形式会话过期时，然后在用户尝试注销。

I have an MVC 4 app and having issues when the forms session expires and then the user tries to logoff.

防爆。
超时设置为5分钟。
在用户登录。
用户不执行任何操作10分钟。
用户点击注销链接。
用户得到的错误：提供的防伪标记是为了用户XXXX，而当前用户是，

Ex. timeout is set to 5 min. User logs in. User does nothing for 10 min. User clicks the LogOff link. User gets error: "The provided anti-forgery token was meant for user "XXXX", but the current user is ""."

然后，用户不得不去通过一些体操来解决这个问题，使他们能够重新登录，然后再注销（注销被用来关闭他们的考勤卡一天）。

The user then had to go through some gymnastics to get around this so they can re-login then re-logout (logout is being used to close their timecard for the day).

我想我明白为什么会这样......但不知道如何解决它。

I think I understand why this happens...but not sure how to fix it.

编辑：
为什么我认为发生这种情况是因为在加载页面时，原来，是在当前登录用户生成的防伪标记。但后来当会话过期，他们试图导航到注销页，当前用户是，而不是实际的用户。作为这种有一个失配和误差呈现

Why I think this is happening is because originally when the page is loaded, the AntiForgery token is generated for the currently logged in user. But then when the session expires and they try to navigate to the logoff page, the current user is "" instead of the actual user. As such there is a mismatch and the error is rendered.

推荐答案

其实你可以用个IExceptionFilter 处理它，这将重定向到 /帐户/登录

Actually you can handle it with IExceptionFilter, that will redirect to the /Account/Login

public class HandleAntiForgeryError : ActionFilterAttribute, IExceptionFilter
{
    #region IExceptionFilter Members

    public void OnException(ExceptionContext filterContext)
    {
        var exception = filterContext.Exception as HttpAntiForgeryException;
        if (exception != null)
        {
            var routeValues = new RouteValueDictionary();
            routeValues["controller"] = "Account";
            routeValues["action"] = "Login";
            filterContext.Result = new RedirectToRouteResult(routeValues);
            filterContext.ExceptionHandled = true;
        }
    }

    #endregion
}

[HandleAntiForgeryError]
[ValidateAntiForgeryToken]
public ActionResult LogOff() 
{
}

您也可以使用 [的HandleError（ExceptionType = typeof运算（HttpAntiForgeryException）...] ，但它需要的customErrors开。

Also you can use [HandleError(ExceptionType=typeof(HttpAntiForgeryException)...] but it requires customErrors On.

这篇关于当尝试注销，所提供的防伪标记是为那些用户QUOT; XXXX＆QUOT;但是当前用户是＆QUOT;＆QUOT;的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！