ASP.NET会话超时早 [英] ASP.NET sessions timing out early

问题描述

我实现了从的肯尼斯·斯科特控制。它是由主办IIS7在.NET 4中。

I've implemented a custom ASP.NET session timeout control derived from a control by Kenneth Scott. It's hosted by IIS7 in .NET 4.

长话短说，这是一个服务器控件（实施System.Web.UI.WebControls.WebControl），我包括在我的网站母版页。控制是看不见的，当一个页面呈现启动定时器。经过X分钟过去了，会显示一个DIV告诉他们的会话超时用户，并为他们提供了一个按钮，单击，如果他们想保持登录状态。

Long story short, it's a server control (implementing System.Web.UI.WebControls.WebControl) that I include in my site master page. The control is invisible, and starts a timer when a page is rendered. After X minutes have passed, a DIV is displayed telling the user their session is timing out, and offers them a button to click if they want to stay logged in.

点击按钮即可触发一个标准的回发到服务器。它不会在服务器上执行任何有用的工作，除了重置滑动到期的会话。

Clicking the button just fires a standard postback to the server. It doesn't perform any useful work on the server, except for resetting the sliding expiry for the session.

超时控制被配置在一分钟内踢前的会话应该到期。当它到达0，盘中也应该到期了，我将用户重定向到登录页面，并通知他们，他们超时由于不活动。

The timeout control is configured to kick in a minute before the session should expire. When it reaches 0, the session should also be expiring, and I redirect the user to the login page and notify them that they timed out due to inactivity.

它的伟大工程的大部分时间，但有时不工作。该按钮还出现了工作给用户，而是试图去点击网站上的任何其他控件后，他们立即被人抛弃到登录页面（在web.config中定义的标准ASP.NET行为）。

It works great the majority of the time, but sometimes "doesn't work". The button still appeared to work to users, but after trying to click any other control on the site, they immediately get dumped to the login page (standard ASP.NET behaviour defined in web.config).

我添加了一些日志语句到Click事件处理程序，并发现它不是射击。我的假设的这里是客户端向服务器发送一个请求，但由于会话过期，我的事件处理程序永远不会触发。

I added some logging statements to the click event handler and discovered that it's not firing. My assumption here is that the client is sending a request to the server, but since the session is expired, my event handler never fires.

我相信我的应用程序池没有得到回收利用（它的配置为每日一次回收，并没有进程或粘性手指的管理员正在编辑中的应用程序目录中的文件）。这种故障是间歇发生。我们使用Forms身份验证。

I'm confident my app pool isn't getting recycled (it's configured to recycle once daily, and no processes or sticky-fingered admins are editing files in the application directory). This failure is happening intermittently. We're using Forms authentication.

在web.config中我的System.Web节：

My system.web section in web.config:

<sessionState mode="InProc" timeout="20" />
<authentication mode="Forms">
  <forms path="/" loginUrl="Pages/LoginPage.aspx" protection="All" timeout="20" slidingExpiration="true" />
</authentication>

我暂时的解决方法是增加我们的会话和形式超时30分钟，引入超时，20分钟后仍注销用户一个新的配置设置。这额外的10分钟之内足够的填充，我的控制按预期工作。

My workaround for the moment has been to increase our session and forms timeout to 30 minutes, and introduce a new configuration setting for the timeout, which still logs the user out after 20 minutes. That extra 10 minutes provides enough padding that my control works as expected.

我不喜欢这个方案，因为它充其量是一种解决方法。我觉得我不理解ASP.NET会话超时机制充分（尽管已经反复阅读MSDN文档）。谁能解释我看到的行为，或者指出任何坏的假设，我做？

I dislike the solution because it's a workaround at best. I feel like I don't understand the ASP.NET session timeout mechanism adequately (despite having read and reread the MSDN documentation). Can anyone explain the behaviour I'm seeing, or maybe point out any bad assumptions I'm making?

推荐答案

您可以尝试登录的任何应用程序的结局和结束的原因，只是为了排除它有什么关系的。我总是用这个脚本为（只要把它在Global.asax）：

You could try to log any application-endings and the reason for ending, just to rule out it has anything to do with that. I always use this script for that (just put it in the global.asax):

protected void Application_End()
  {
     Type httpRuntimeType = typeof (HttpRuntime);

     HttpRuntime runtime =
        (HttpRuntime)
        httpRuntimeType.InvokeMember("_theRuntime", BindingFlags.NonPublic
                                                    | BindingFlags.Static |
                                                    BindingFlags.GetField,
                                     null, null,
                                     null);

     if (runtime == null)
        return;

     string shutDownMessage =
        (string) runtime.GetType().InvokeMember("_shutDownMessage",
                                                BindingFlags.NonPublic
                                                | BindingFlags.Instance
                                                | BindingFlags.GetField,
                                                null,
                                                runtime,
                                                null);

     string shutDownStack =
        (string) runtime.GetType().InvokeMember("_shutDownStack",
                                                BindingFlags.NonPublic
                                                | BindingFlags.Instance
                                                | BindingFlags.GetField,
                                                null,
                                                runtime,
                                                null);

     EventLog log = new EventLog();
     log.Source = ".NET Runtime";
     log.WriteEntry(
        String.Format(
           "\r\n\r\n_shutDownMessage={0}\r\n\r\n_shutDownStack={1}",
           shutDownMessage,
           shutDownStack),
        EventLogEntryType.Information);
  }

这篇关于ASP.NET会话超时早的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！