表单身份验证和会话到期 [英] Forms authentication and session expiration
问题描述
嗨
我在asp.net中使用角色基础表单身份验证,并且在我想要建议的问题上来了
。 />
成功登录后,会话变量被设置为标识用户。
这很好,因为此会话变量用于检索数据
该用户等。但是,如果我重新启动网络服务器,则用户
会话将丢失,但票证仍处于活动状态。因此,用户没有被重定向回登录页面。
我的问题是查看用户会话是否为
仍处于活动状态,并从表单身份验证中注销用户。
我真的不想对每个成员页面执行检查。我也不能在$ global.com中执行支票,因为有些非mmbers页面可以查看
。如果用户
会话已经过期,我也不希望重建会话。
我确信有一个简单的答案,但我不能来最好的方法是
。
任何人都可以提供帮助吗?
我的第一个问题是让票价比会话更快。
您可以在网络中设置票证时间。 config:
< authentication mode =" Forms">
< forms timeout ="" />
< / authentication>
我认为以下博文也是相关的:
http://weblogs.asp.net/rajbk/archive。 ..11 / 241080.aspx
如果您有任何疑问,请告诉我。
干杯,
Tom Pester
PS
您还可以将会话存储在数据库中,以便它能够存活到
,只要你愿意(AFAIK)。
嗨
我在asp.net中使用角色基础表单身份验证并且已经来了
我想要建议的问题。
成功登录时,会话变量被设置为识别用户。
这很好,因为使用了这个会话变量为该用户等检索数据。但是,如果我重新启动网络服务器,那么用户会话会丢失,但票证仍处于活动状态。因此,用户不会被重定向回登录页面。
我的问题是,查看用户会话是否仍处于活动状态并注销用户的最佳方法是什么来自表单身份验证。
我真的不想对每个成员页面执行检查。我也不能在global.aspx中执行检查,因为有一些可以查看的非mmbers页面
。如果
用户会话已经过期,我也不希望重建会话。
我确信有一个简单的答案,但我无法想出最好的
方法。
任何人都可以帮忙吗?
OK。我理解这一点并感谢网址。
如果重置IIS或者我将新版本放到服务器上,将票证超时设置为比会话更早到期将不会工作。
重置sesion还是将它存储在DB中唯一的前进方式
对我来说?
感谢您的帮助
Rippo
我的第一个想法是没有工作的第二个想法,并不是你的回答
问题。
我的问题是查看用户会话
是否仍处于活动状态并从表单中注销用户的最佳方法是什么认证
如果会话(X)=""那么FormsAuthentication.SignOut()
这就是你想要的吗?
如果您有任何疑问,请告诉我..
干杯,
汤姆佩斯特
我的第一个问题是让票价比会议更快。
您可以在web.config中设置故障单时间:
< authentication mode =" Forms">
< forms timeout ="" />
< / authentication>
我认为以下博文也是相关的:
http://weblogs.asp.net/rajbk/archive...11/241080.aspx
如果您还有其他问题,请告诉我们。
干杯,
Tom Pester
PS
您还可以将会话存储在一个数据库,只要你愿意(AFAIK)就可以生存
。
嗨
我正在使用角色基础表单身份验证asp.net已经来了解我想要建议的问题。
在成功登录时,会话变量被设置为识别用户。
这一切都很好因为此会话变量用于检索该用户的数据等。但是,如果我重新启动网络服务器,则用户会话会话丢失,但票证仍处于活动状态。因此,用户不会被重定向回登录页面。
我的问题是查看用户会话是否仍处于活动状态并签署用户的最佳方法是什么来自表单身份验证。
我真的不想对每个成员页面执行检查。我也不能在global.aspx中执行检查,因为有一些可以查看的非mmbers页面
。如果
用户会话已经过期,我也不希望重建会话。
我确信有一个简单的答案,但我无法想出最好的
方法。
任何人都可以帮忙吗?
Hi
I am using role base forms authentication in asp.net and have come
across a problem that I would like advice on.
On a successful login a session variable is set to identify a user.
This is all good as this session variable is used to retrieve data for
that user etc. However if I restart the webserver then the users
session is lost but the ticket is still active. Therefore the user is
not redirected back to the login page.
My question is what is the best approach to see if the user session is
still active and sign out the user from forms authentication.
I do not really want to perform a check on every member page. Nor can I
perform a check in global.aspx as there are some non mmbers pages that
can be viewed. I also do not wish to rebuild the session if the users
session has expired.
I am sure that there is an easy answer however I can not come up with
the best approach.
Can any one help?
My first though is to make the ticket timout sooner than the session.
You can set the ticket timout in the web.config :
<authentication mode="Forms">
<forms timeout="" />
</authentication>
I think the following blog post is also relevant :
http://weblogs.asp.net/rajbk/archive...11/241080.aspx
Let me know if you have any more questions..
Cheers,
Tom Pester
PS
You can also store the session in a database so that it will survive for
as long as you want (AFAIK).
Hi
I am using role base forms authentication in asp.net and have come
across a problem that I would like advice on.
On a successful login a session variable is set to identify a user.
This is all good as this session variable is used to retrieve data for
that user etc. However if I restart the webserver then the users
session is lost but the ticket is still active. Therefore the user is
not redirected back to the login page.
My question is what is the best approach to see if the user session is
still active and sign out the user from forms authentication.
I do not really want to perform a check on every member page. Nor can
I perform a check in global.aspx as there are some non mmbers pages
that can be viewed. I also do not wish to rebuild the session if the
users session has expired.
I am sure that there is an easy answer however I can not come up with
the best approach.
Can any one help?
OK.I understand this and thanks for the url.
Setting the ticket timeout to expire sooner than the session will not
work if IIS is reset or if I place a new build on to the server.
Is resetting the sesion or storing it in the DB the only way forward
for me?
Thanks for any help
Rippo
My first thought doesnt work at second thought and isn''t an answer to your
question.
My question is what is the best approach to see if the user session
is still active and sign out the user from forms authentication.
if session("X") = "" then FormsAuthentication.SignOut()
Is this what you want?
Let me know if you have any more questions..
Cheers,
Tom Pester
My first though is to make the ticket timout sooner than the session.
You can set the ticket timout in the web.config :
<authentication mode="Forms">
<forms timeout="" />
</authentication>
I think the following blog post is also relevant :
http://weblogs.asp.net/rajbk/archive...11/241080.aspx
Let me know if you have any more questions..
Cheers,
Tom Pester
PS
You can also store the session in a database so that it will survive
for
as long as you want (AFAIK).Hi
I am using role base forms authentication in asp.net and have come
across a problem that I would like advice on.
On a successful login a session variable is set to identify a user.
This is all good as this session variable is used to retrieve data
for that user etc. However if I restart the webserver then the users
session is lost but the ticket is still active. Therefore the user is
not redirected back to the login page.
My question is what is the best approach to see if the user session
is still active and sign out the user from forms authentication.
I do not really want to perform a check on every member page. Nor can
I perform a check in global.aspx as there are some non mmbers pages
that can be viewed. I also do not wish to rebuild the session if the
users session has expired.
I am sure that there is an easy answer however I can not come up with
the best approach.
Can any one help?
这篇关于表单身份验证和会话到期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
