如何存储在SessionState会为数据库托管.NET MVC网站 [英] How to store Sessionstate in Database for a hosted .NET MVC website
问题描述
我有一个托管MVC 4网站用户会话超时的问题。当我用IIS-Ex的preSS运行的本地网站,我有一个很长的超时时间。一旦网站被发布到主机(GoDaddy的)的超时时间登录下降到荒谬的东西短(〜10-15分钟)。
I am having an issue with the user session timeout on a hosted MVC 4 website. When I run the site locally with IIS-Express, I have a very long timeout period. Once the site gets published to the host (GoDaddy), the timeout period for logins drops to something absurdly short (~10-15 minutes).
我使用窗体身份验证。在登录我用的是标准的:
I am using forms authentication. On login I use the standard:
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
然后在我的控制器,我使用的授权属性:
[Authorize]
public class BillingAccountController : Controller { ... }
我尝试了好几种解决方案,包括在的web.config 更改设置。在这一点上,我都低于线延长超时:
I have tried several solutions that involve changing settings in the web.config. At this point, I have lines below to extend the timeouts:
<configuration>
...
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" cookieless="UseCookies" />
</authentication>
...
<sessionState mode="InProc" cookieless="UseCookies" timeout="2880" />
...
</system.web>
...
</configuration>
但是,这并不正常工作。它几乎好像它被主机忽略。
But this does not work. It almost seems like it's being ignored by the host.
我已经看到了一些解决方案,改变IIS7设置,但由于这是托管,我不认为我有机会到这一点。 (我看着我的GoDaddy的仪表板,虽然有一个IIS的菜单,这是极其有限的。)
I've seen some solutions that change IIS7 settings, but since this is hosted I do not think I have access to that. (I've looked into my GoDaddy dashboard, and while there is an IIS menu, it is extremely limited.)
该网站已经为现场约4个月,这是从客户端一个不断投诉。
The website has been live for about 4 months, and this is the one continual complaint from the client.
我使用的是自定义角色和成员提供者,是否有帮助。我只使用窗体身份验证,用于创建和授权AUTH饼干。在这一点上,我可能会开到另一个登录解决方案。如放弃窗体身份验证,如果我不得不这样做。
I am using a custom Role and Membership providers, if that helps. I am only using Forms Auth for creating and authorizing the auth cookies. At this point, I could be open to another login solution. Such as abandoning forms authentication if I have to.
我可以想像一些变通,如自定义属性,或者某种周期性AJAX调用这在某种程度上延长了会话,创造我自己的cookie或放弃饼干和使用数据库,寻找第三方解决方案,等....
I can imagine some work-arounds, such as creating my own cookie with a custom attribute, or some kind of periodic AJAX call which somehow extends the session, or abandoning cookies and use the database, searching for a third party solution, etc,....
客户要我做一些事情的地方 - 报价 - 从来没有忘记。我不知道这是正确的答案。但是,如果我至少可以让它超时一小时后或闲置2,我想他们会很高兴,因为这10-15超时实在是烦人。
The client wants me to do something where it - quote - "never" forgets. I'm not sure that's the right answer. But if I can at least make it timeout after an hour or 2 of inactivity, I think they will be happy, as this 10-15 timeout is really annoying.
底线的问题是:如何延长我的会话/登录超时,如果我不能因为主机的,什么是要解决它的最好办法
The bottom line questions are: how to I extend the session/login timeout, and if I can't because of the host, what is the best way to get around it?
更新
这是由他的回答@DouglasThomas提供的资源看完后,我更新为使用SQLServer的会话web.config中,而不是:
After reading up on the resources provided by @DouglasThomas in his answer, I updated the web.config to use SQLServer sessions instead:
<sessionState mode="SQLServer" sqlConnectionString="ConnSessionState" sqlCommandTimeout="30" cookieless="false" timeout="1440" />
使用的连接字符串:
<add name="ConnSessionState" connectionString="data source=1.1.1.1,1433;user id=userid;password=**************" providerName="System.Data.SqlClient" />
这并不似乎已经解决了该问题。用户日志中仍然在不到20分钟的超时。不过,我有一个后续的问题:是否SQLServer的会议需要在SQL数据库端的配置?或者只是在web.config变化?我读的文件不明确。
This does not seemed to have fixed the issue. The user log in is still timing out in less than 20 minutes. Though, I do have a follow question: does SQLServer sessions require any configuration on the SQL database side? Or just the web.config changes? The documents I read were not clear.
更新2
通过@ DaveA的建议,我已经更新我的解决方案。但它仍然似乎并不奏效。我已经配置我的SQL Server防爆preSS与ASP会话状态的数据库。我用此Microsoft文档为指导,以第一次重新配置服务器设置(SQL防爆preSS的要求),然后我用以下命令行:
By @DaveA's suggestion, I have updated my solution. But it still does not seem to be working. I have configured my SQL Server Express with the asp session state database. I used this Microsoft document as a guide to first reconfigure the server settings (a requirement for SQL Express), then I used the following command line:
aspnet_regsql.exe -ssadd -sstype p -S SERVERPC\SQLEXPRESS -E
创建在 ASPState的数据库中的会话状态数据库。新的数据库已成功与几个表和众多的存储过程创建。然后我更新在web.config这样的的sessionState 节点:
to create the session state database in the ASPState database. The new database was successfully created with several tables and numerous stored procedures. I then updated the sessionState node in the web.config as such:
<sessionState
mode="SQLServer"
sqlConnectionString="data source=1.1.1.1,1433;user id=userid;password=**************"
allowCustomSqlDatabase="true"
sqlCommandTimeout="30"
cookieless="false"
timeout="1440"
/>
不过,这并不似乎已对登录的过程中任何影响。我不知道,如果它甚至使数据库的连接,因为没有新的记录已填充在ASPState的数据库中的表。我会注意到,我没有明确使用会话变量在我的web应用程序的任何地方。我假设的窗体身份验证应该以某种方式使用它们。
But it does not appear to have had any affect on the duration of the login. I cannot tell if it is even making the connection to the database as no new records have populated the tables in the ASPState DB. I will note that I am not explicitly using session variables anywhere in my web application. I am assuming that the Forms Authentication is supposed to be using them somehow.
解决方案
与@DaveA协调一致的努力后,他发现在有pretty人太多相同的问题的www.asp.net论坛的一篇文章:<一href=\"http://forums.asp.net/t/1967093.aspx?Forms+authentication+session+timeout+issue+after+10+minutes\" rel=\"nofollow\">http://forums.asp.net/t/1967093.aspx?Forms+authentication+session+timeout+issue+after+10+minutes
After a concerted effort with @DaveA, he uncovered an article on an www.asp.net forum of someone having pretty much the same problem: http://forums.asp.net/t/1967093.aspx?Forms+authentication+session+timeout+issue+after+10+minutes
每@ DaveA的建议我增加了一个的machineKey 部分我的web.config(的这是我从这里生成)。上传和测试现场的网站后,然后在20小时后不活动,用户登录持续。所以我相信该机关键是在我的情况了答案。
Per @DaveA's suggestion I added a machineKey section to my web.config (which I generated from here). After uploading and testing on the live website, then after over 20 hours of inactivity, the user login persisted. So I believe that the machine key was the answer in my case.
推荐答案
的问题是:
您正试图用一个定义的连接字符串与 SessionState会提供的。这是非常合乎逻辑,但并不因为工作的的 SessionState会提供的仍然使用它从 ASP.NET 1.0 的,而连接字符串是在引进 ASP.NET 2.0 的
You are trying to use a defined Connection String with the SessionState Provider. This is very logical, but doesn't work because SessionState Provider still uses it's original definition from ASP.NET 1.0, while Connection Strings were introduced in ASP.NET 2.0.
这是一个奇怪的矛盾,微软从来没有解决。
This is an odd inconsistency that Microsoft never addressed.
为了设置DBSession国:
1)当你定义使用你的完整的连接字符串您的的 SessionState会的
1) Use your full connection string when you define your SessionState
<sessionState mode="SQLServer"
sqlConnectionString="data source=1.1.1.1,1433;user id=userid;password=**************"
sqlCommandTimeout="30" cookieless="true" timeout="1440" />
非常重要:设置无Cookie =真正的,并在您的登录方法确保与rememberMe = FALSE 。这些步骤是prevent重要使用cookie进行会话状态的框架。
Very Important: Set cookieless="true" and in your login method make sure that rememberme=false. These steps are important to prevent the framework from using cookies for session state.
2)您的SQL Server上创建模式:
2) Create the schema on your sql server:
aspnet_regsql.exe -ssadd -d <Your Database>
-sstype c -S <Server> -U <Username> -P <Password>
3):设置计算机密钥属性您的的web.config 的以您的会议和会员绑定到你的主机:
3) Set Machine Key property in you web.config to bind your sessions and membership to your host:
<一个href=\"http://stackoverflow.com/questions/15603289/forms-authentication-across-virtual-directories/15603840#15603840\">Forms在虚拟目录认证
http://aspnetresources.com/tools/machineKey
记住:
使用数据库会话是性能和成本(如你已经注意到)的所有参数传递功能乏味。这是远从一个完美的解决方案。
Using Database for session is performance costly and (as you've noticed) functionally tedious with all the parameter passing. This is far from a perfect solution.
共享帐户往往会造成由于负荷平衡会议的问题。在这种情况下,你都关闭转向饼干更好。您更大的问题似乎是GoDaddy的共享主机的限制会话超时(cookie和session)出于安全原因的政策。
Shared accounts often cause problems for sessions due to load balancing. In such cases, you are better off turning to Cookies. Your greater problem seems to be GoDaddy shared hosting policy of limiting Sessions timeouts (Cookies and sessions) for security reasons.
如果性能成为一个问题,你可能要更改托管计划。
If performance becomes a problem, you may want to change hosting plans.
计算机密钥:是为了成员绑定到一个域。当计算机密钥匹配,会员可以跨多个域共享。这可能有所作为,即使没有DB会话(并且是值得一试)。
Machine Key: is meant to bind Membership to a Domain. When Machine Key matches, membership can be shared across multiple domains. This may make a difference even without DB session (and is worth a try).
这篇关于如何存储在SessionState会为数据库托管.NET MVC网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
