ASP.NET会话超时测试 [英] ASP.NET Session Timeout Testing
问题描述
我是做ASP.Net网站的某些黑盒测试,我需要测试不同的会话超时方案。
I'm a doing some blackbox testing of a ASP.Net website and I need to test different session timeout scenarios.
我不知道他们完全封装的会话超时。其他然后留下开放20分钟一个页面有更简单的方法来强制会话超时?
I'm not sure they fully encapsulated session timeouts. Other then leaving a page open for 20 minutes is there an easier way to force a session timeout?
推荐答案
减少超时
要测试这个的最简单和最非侵入性的方式可能是只减小超时一个相当小的数目,例如3分钟或5分钟。这样,您就可以暂停了几分钟,来模拟一个较长的停顿,而不必担心应用程序重新启动或有您的测试结果有任何影响专用复位code。
The easiest and most non-intrusive way to test this is probably to just decrease the timeout to a fairly small number, such as 3 or 5 minutes. This way you can pause for a few minutes to simulate a longer pause without worrying about application restarts or special reset code having any affect on your test results.
您可以修改会话状态超时在几个地点 - 在全球范围(在位于config文件夹适用的.NET framework版本,在web.config),或者只是为你的应用
You can modify the session state timeout in a few locations - globally (in the web.config located in the config folder for the applicable .NET framework version), or just for your application.
要修改超时只为您的应用程序,你可以添加以下到您的应用程序的web.config:
To modify the timeout just for your application, you can add the following to your application's web.config:
<system.web>
<sessionState timeout="60" />
...
另外,您也可以通过IIS配置对话框(我相信你仍然需要有一个web.config为您的应用程序定义,虽然,否则编辑配置将被禁用)修改为您的应用同样的设置。
Alternatively, you can also modify this same setting for your application through an IIS configuration dialog (I believe you still need to have a web.config defined for your application though, otherwise Edit Configuration will be disabled).
要访问此,在IIS Web应用程序右键单击,然后导航到属性| ASP.NET选项卡|编辑配置|状态管理选项卡|会话超时(分钟)。
To access this, right-click on your web application in IIS, and navigate to Properties | ASP.NET tab | Edit Configuration | State Management tab | Session timeout (minutes).
请注意,您还可以通过code操纵此设置 - 如果这是已经在这样做,不是在web.config文件中的设置将有效地被忽略,你将需要使用另一种技术
Note that you can also manipulate this setting through code - if this is already being done, than the setting in the web.config file will effectively be ignored and you will need to use another technique.
拨打Session.Abandon()
一个稍微侵入技术比设定较低的超时将调用Session.Abandon()。可以肯定的,直到所有的脚本当前页面进行处理的命令从一个网页从您的应用程序独立,虽然称此,作为会话实际上没有结束。
A slightly more intrusive technique than setting a low timeout would be to call Session.Abandon(). Be sure to call this from a page separate from your application though, as the session isn't actually ended until all script commands on the current page are processed.
我的理解是,这将是检验会话超时,而无需实际等待他们一个相当干净的方法。
My understanding is that this would be a fairly clean way to test session timeouts without actually waiting for them.
强制重新启动应用程序
在会话状态的默认配置,可以模拟通过完全由导致重新启动应用程序吹走会议会话超时。这可以通过多种方式,其中的一些列举如下:
In a default configuration of session state, you can simulate a session timeout by blowing away the sessions entirely by causing the application to restart. This can be done several ways, a few of which are listed below:
- 回收应用程序池通过
- 的IIS MMC管理单元
- 命令行(iisapp / A AppPoolID / R)
- 修改web.config中,Global.asax的,或DLL中的bin目录
- 的IIS MMC管理单元
- services.msc,然后重新启动IIS Admin服务
- 命令行(IISRESET)
当我提到默认配置,我的意思是被配置为使用是InProc会话状态模式的web应用程序。还有其他模式,实际上可以保持会话状态,即使在Web应用程序重新启动(的StateServer,SQLServer的,自定义)。
When I mention "default configuration", I mean a web application that is configured to use "InProc" session state mode. There are others modes that can actually maintain session state even if the web application is restarted (StateServer, SQLServer, Custom).
篡改状态跟踪机制
假设你的Web应用程序不与cookie的配置模式(默认情况下,cookies将被使用),你可以删除包含在客户端浏览器会话ID的Cookie中。
Assuming your web application isn't configured with a "cookie-less" mode (by default, cookies will be used), you could remove the cookie containing the session ID from the client browser.
不过,我的理解是,这是不是真的模拟一个超时,因为服务器仍然会意识到会话,它只是将不使用它见人。没有一个会话ID的请求将只是被视为需要一个新的会话一个看不见的请求,这可能是也可能不是你要测试的是。
However, my understanding is that this isn't really simulating a time-out, as the server will still be aware of the session, it just won't see anyone using it. The request without a session ID will simply be treated as an unseen request in need of a new session, which may or may not be what you want to test.
这篇关于ASP.NET会话超时测试的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
