当会话过期会话管理器将无法登录我出去,HTTPContext.Current为Null [英] Session Manager will not log me out when session expires, HTTPContext.Current is Null
问题描述
我有这个问题,我目前的会话管理器,当会话过期也不会注销用户。
在随机时间间隔,而用户登录的 HttpContext.Current 是 NULL 导致网站产生许多错误。我试过了几个技术来重定向用户在会话过期登录,但没有成功。
- 在
的Global.asax我利用Session_End中可以尝试
叫注销的方法,但这种被用户登录之前,甚至被处决
英寸 - 在
的Global.asax我加入Application_AcquireRequestState,但遗憾的是这使得方式多次调用SSO服务。此外,它从来没有在重定向会话过期登录。我测试了以下FormsAuthentication.RedirectToLoginPage();没有运气。
我发现这个答案由莱克斯李的为什么HttpContext.Current为null ? - 它给了我在我的问题可能是什么样的一些见解,甚至,虽然我的应用程序不使用后台线程,我的 HttpContext.Current 附带了一些随机的请求返回空,并不总是发生。
会话管理器
公共类是SessionManager
{
私人常量字符串SessionKey =AppSession; 私人SessionManager(中间)
{
GUID =新的GUID();
名字=的String.Empty;
姓氏=的String.Empty;
电子邮件=的String.Empty;
SessionExpiration =新的DateTime();
} //获取当前会话。
公共静态电流是SessionManager
{
得到
{
如果(HttpContext.Current!= NULL)
{
如果(HttpContext.Current.Session [SessionKey] == NULL)
{
VAR模型=新SessionManager(中间);
HttpContext.Current.Session [SessionKey] =模型;
}
返回(是SessionManager)HttpContext.Current.Session [SessionKey]
}
其他
{
返回null;
}
} } 公共静态无效LogOffUser()
{
// SSO是一个单独的服务,我需要保持INSYNC。
VAR ssoAuth =新SSOAuth();
如果(当前!= NULL)
ssoAuth.SSOLogoffUser(Current.GUID); FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
} 公众的Guid GUID {搞定;组; }
公共字符串名字{获得;组; }
公共字符串名字{获得;组; }
公共字符串电子邮件{获得;组; }
公众的DateTime SessionExpiration {搞定;组; }
}
登录控制器
[HttpPost]
[使用AllowAnonymous]
公共JsonResult登录(LoginViewModel用户)
{
VAR ssoAuth =新SSOAuth();
VAR sessionObject = ssoAuth.SSOLoginUser(user.Email,user.password的); 如果(sessionObject = NULL&放大器;!&安培;!sessionObject.SessionId = Guid.Empty)
{
SessionManager.Current.Email = sessionObject.UserId;
SessionManager.Current.GUID = sessionObject.SessionId;
SessionManager.Current.FirstName = sessionObject.FirstName;
SessionManager.Current.LastName = sessionObject.LastName;
SessionManager.Current.SessionExpiration = sessionObject.SessionExpiration; //及时得到会话超时在几分钟内抢差异。
VAR differenceInTime = SessionManager.Current.SessionExpiration - DateTime.Now;
查看Session.Timeout = differenceInTime.Minutes; //验证用户
FormsAuthentication.SetAuthCookie(user.Email,FALSE); //我们返回JSON,它的AJAX调用。
返回JSON(新
{
的redirectUrl =/Home.mvc/Home/Index
isRedirect =真
});
} 返回JSON(新
{
的redirectUrl =的String.Empty,
isRedirect = FALSE
});
}
这可疑听起来像它可能是一个会话与窗体身份验证计时问题类似
<一href=\"http://stackoverflow.com/questions/1470777/forms-authentication-timeout-vs-session-timeout\">Forms验证超时VS会话超时
请确保您的表格超时是至少2倍会话超时。
I'm having this issue with my current session manager, when the session expires it will not log off the user.
At random intervals while user is logged in the HttpContext.Current is NULL causing the site to generate many errors. I've tried a couple of techniques to redirect user to login upon session expiration, with no success.
- Under
Global.asaxI'm making use ofSession_Endcan attempted to callLogOutmethod but this gets executed even before user logs in. - Under
Global.asaxI addedApplication_AcquireRequestState, but sadly this makes way to many calls to the SSO Service. Also, it never redirected to login upon session expiration. I tested it with the followingFormsAuthentication.RedirectToLoginPage(); No luck.
I found this answer by Lex Li "Why HttpContext.Current be null?" - it gave me some insight on what my problem could be, even-though my application doesn't make use of background-threads, my HttpContext.Current comes back Null with some random requests, doesn't always happen.
Session Manager
public class SessionManager
{
private const string SessionKey = "AppSession";
private SessionManager()
{
GUID = new Guid();
FirstName = String.Empty;
LastName = String.Empty;
Email = String.Empty;
SessionExpiration = new DateTime();
}
// Gets the current session.
public static SessionManager Current
{
get
{
if(HttpContext.Current != null)
{
if (HttpContext.Current.Session[SessionKey] == null)
{
var model = new SessionManager();
HttpContext.Current.Session[SessionKey] = model;
}
return (SessionManager)HttpContext.Current.Session[SessionKey];
}
else
{
return null;
}
}
}
public static void LogOffUser()
{
//SSO is a seperate service, I need to stay insync.
var ssoAuth = new SSOAuth();
if(Current != null)
ssoAuth.SSOLogoffUser(Current.GUID);
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
public Guid GUID { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
public string Email { get; set; }
public DateTime SessionExpiration { get; set; }
}
Login Controller
[HttpPost]
[AllowAnonymous]
public JsonResult Login(LoginViewModel user)
{
var ssoAuth = new SSOAuth();
var sessionObject = ssoAuth.SSOLoginUser(user.Email, user.Password);
if (sessionObject != null && sessionObject.SessionId != Guid.Empty)
{
SessionManager.Current.Email = sessionObject.UserId;
SessionManager.Current.GUID = sessionObject.SessionId;
SessionManager.Current.FirstName = sessionObject.FirstName;
SessionManager.Current.LastName = sessionObject.LastName;
SessionManager.Current.SessionExpiration = sessionObject.SessionExpiration;
//Grab difference in time to get session timeout in minutes.
var differenceInTime = SessionManager.Current.SessionExpiration - DateTime.Now;
Session.Timeout = differenceInTime.Minutes;
//Authenticate user
FormsAuthentication.SetAuthCookie(user.Email, false);
//We return JSON, Its an AJAX Call.
return Json(new
{
redirectUrl = "/Home.mvc/Home/Index",
isRedirect = true
});
}
return Json(new
{
redirectUrl = string.Empty,
isRedirect = false
});
}
This sounds suspiciously like it may be a session vs. forms authentication timing issue similar to Forms Authentication Timeout vs Session Timeout
Make sure your Forms timeout is at least 2x your session timeout.
这篇关于当会话过期会话管理器将无法登录我出去,HTTPContext.Current为Null的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
