大量具有相同会话ID的Session_Start [英] Large number of Session_Start with same session id
问题描述
我正在开发箱(在Vista/IIS7上为.NET 2.0)上运行ASP.NET网站.global.asax.cs中的Session_Start方法将每个调用记录到文件(log4net).Session_End方法还记录每个调用.
I'm running a ASP.NET website on my development box (.NET 2.0 on Vista/IIS7). The Session_Start method in global.asax.cs logs every call to a file (log4net). The Session_End method also logs every call.
我正在使用InProc会话状态,并将会话超时设置为5分钟(以避免等待20分钟).
I'm using InProc session state, and set the session timeout to 5 mins (to avoid waiting for 20 mins).
我访问了网站,等待5分钟,我看到了Session_End日志.然后我F5网站.浏览器仍然具有会话cookie并将其发送到服务器.调用Session_Start并使用相同的会话ID创建一个新会话(顺便说一句:我需要使用相同的会话ID,因为它用于存储数据库中的数据).
I hit the website, wait for 5 minutes unit I see the Session_End logging. Then I F5 the website. The browsers still has the session cookie and sends it to the server. Session_Start is called and a new session is created using the same session id (btw: I need this to be the same session id, because it is used to store data in database).
结果:每当我在先前结束的会话上按F5时,都会调用Session_Start方法,执行请求,并立即调用Session_End方法.
Result: Every time I hit F5 on a previously ended session, the Session_Start method is called, the request is executed and the Session_End method is called immediately.
当我打开其他浏览器时,Session_Start方法仅被调用一次.然后在5分钟后,每个F5的Session_End导致执行Session_Start/request/Session_End序列.
When I open a different browser, the Session_Start method is called just once. Then after 5 minutes the Session_End each F5 causes the Session_Start/request/Session_End sequence to execute.
web.config相关部分:
web.config relevant section:
<system.web>
<compilation debug="true" />
<sessionState timeout="2" regenerateExpiredSessionId="false" />
</system.web>
推荐答案
regenerateExpiredSessionId 设置与
The regenerateExpiredSessionId setting relates to cookieless URLs only, it doesn't affect the behaviour of a session cookie which will be reused.
您遇到的问题是由于ASP.NET 2.0/3.5根据是否正在使用来处理会话的方式.在正常情况下,它不会尝试在第一次使用会话之前保留会话,因此不会发出会话cookie(如果不存在).第一次使用会话 时,会在服务器上创建一个会话并发出一个会话cookie.
The issue you are experiencing is because of the way ASP.NET 2.0/3.5 handles sessions based on whether it's in use. In normal circumstances it does not try to persist a session until the first time it's used and therefore does not issue a session cookie (if it doesn't exist). The first time session is used, a session is created on the server and a session cookie issued.
现在,当重新启动上一个会话但不使用它时,ASP.NET会有些混乱.它尝试立即放弃未使用的(重新启动的)会话,因为这不是必需的,这会提早提供Session_End.但是,它不会删除先前存在的会话cookie,因此每个后续请求都会重复该序列,重新启动会话,然后终止会话,直到删除cookie或使用会话为止.
Now when a previous session is restarted but not used, then ASP.NET gets a little confused. It tries to abandon the unused (restarted) session immediately as it's not required, which raises an early Session_End. However it does not delete the pre-existing session cookie, and hence every subsequent request repeats the sequence, restarting and then terminating the session until the cookie is deleted or the session is used.
在.Net 4.0中,此行为已更改,并且在这种情况下不再触发该事件.
In .Net 4.0 this behaviour has changed, and the event no longer fires in this case.
这篇关于大量具有相同会话ID的Session_Start的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
