处理 ajax 调用中的会话超时 [英] Handling session timeout in ajax calls
问题描述
我正在使用 jquery 对 asp.net mvc 控制器操作进行 ajax 调用:
I'm making an ajax call using jquery to an asp.net mvc controller action:
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult GetWeek(string startDay)
{
var daysOfWeek = CompanyUtility.GetWeek(User.Company.Id, startDay);
return Json(daysOfWeek);
}
当会话超时时,此调用将失败,因为用户对象存储在会话中.我创建了一个自定义授权属性,以检查会话是否丢失并重定向到登录页面.这适用于页面请求,但不适用于 ajax 请求,因为您无法从 ajax 请求重定向:
When session times out, this call will fail, as the User object is stored in session. I created a custom authorize attribute in order to check if session was lost and redirect to the login page. This works fine for page requests, however it doesn't work for ajax requests, as you can't redirect from an ajax request:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthorizeUserAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (!httpContext.Request.IsAjaxRequest())
{//validate http request.
if (!httpContext.Request.IsAuthenticated
|| httpContext.Session["User"] == null)
{
FormsAuthentication.SignOut();
httpContext.Response.Redirect("~/?returnurl=" + httpContext.Request.Url.ToString());
return false;
}
}
return true;
}
}
我在另一个线程上读到,当用户未通过身份验证并且您发出 ajax 请求时,您应该将状态代码设置为 401(未授权),然后在 js 中检查它并将它们重定向到登录页面.但是,我无法使其正常工作:
I read on another thread that when the user isn't authenticated and you make an ajax request, you should set the status code to 401 (unauthorized) and then check for that in js and redirect them to the login page. However, I can't get this working:
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (Request.IsAjaxRequest() && (!Request.IsAuthenticated || User == null))
{
filterContext.RequestContext.HttpContext.Response.StatusCode = 401;
}
else
{
base.OnActionExecuting(filterContext);
}
}
基本上,它会将它设置为 401,但随后它会继续执行控制器操作并抛出一个未设置为对象错误实例的对象引用,然后将错误 500 返回给客户端 js.如果我更改自定义 Authorize 属性以验证 ajax 请求,并为未通过身份验证的请求返回 false,这会使 ajax 请求返回我的登录页面,这显然不起作用.
Basically, it'll set it to 401, but then it'll continue into the controller action and throw an object ref not set to an instance of an object error, which then returns error 500 back to the client-side js. If I change my custom Authorize attribute to validate ajax requests as well and return false for those that aren't authenticated, that makes the ajax request return my login page, which obviously doesn't work.
我如何让它工作?
推荐答案
你可以编写一个自定义的 [Authorize] 属性,它会返回 JSON 而不是抛出 401 异常,以防未经授权的访问允许客户端脚本优雅地处理场景:
You could write a custom [Authorize] attribute which would return JSON instead of throwing a 401 exception in case of unauthorized access which would allow client scripts to handle the scenario gracefully:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsAjaxRequest())
{
filterContext.Result = new JsonResult
{
Data = new
{
// put whatever data you want which will be sent
// to the client
message = "sorry, but you were logged out"
},
JsonRequestBehavior = JsonRequestBehavior.AllowGet
};
}
else
{
base.HandleUnauthorizedRequest(filterContext);
}
}
}
然后用它和客户端装饰你的控制器/动作:
then decorate your controller/actions with it and on the client:
$.get('@Url.Action("SomeAction")', function (result) {
if (result.message) {
alert(result.message);
} else {
// do whatever you were doing before with the results
}
});
这篇关于处理 ajax 调用中的会话超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
