如何在会话超时或结束时注销用户 [英] How to log out a user when a session times out or ends

问题描述

在会话结束或过期时注销用户的最佳方法是什么?

Whats the best way to log out a user when a session ends or expires?

感谢您的帮助.

推荐答案

这实际上取决于您正在寻找的所需功能.我假设您使用的是 FormsAuthentication.

It really depends on the desired functionality you're looking for. I'm going to assume you're using FormsAuthentication.

您需要关注两件独立的事情:Session 和 FormsAuthentication cookie.除非我弄错了，否则两者都有不同的超时时间.

There's two separate things you need to be concerned about: the Session and the FormsAuthentication cookie. Unless I'm mistaken, both of these have separate timeouts.

如果您遇到的问题是会话超时但用户仍通过身份验证，您可以尝试以下组合:

If the problem you're having is that the session is timed out but the user still is authenticated, you could try a combination of the following:

1:确保身份验证 cookie 与会话具有相同的超时值:

1: Making sure the authentication cookie has the same timeout value as the session:

<authentication mode="Forms"><forms ... timeout="20" ... ><authentication>
<sessionState ... timeout="20" ... />

2:在您的 Page_Load 事件中，检查会话是否超时:

2: In your Page_Load event, check if the session has timed out:

if (context.Session != null && Context.Session.IsNewSession == true &&
    Page.Request.Headers["Cookie"] != null &&
    Page.Request.Headers["Cookie"].IndexOf("ASP.NET_SessionId") >= 0)
{
    // session has timed out, log out the user
    if (Page.Request.IsAuthenticated)
    {
        FormsAuthentication.SignOut();
    }
    // redirect to timeout page
    Page.Response.Redirect("/Timeout.aspx");
}

(有关检测的信息，请参见 http://www.eggheadcafe.com/articles/20051228.asp会话超时)

(See http://www.eggheadcafe.com/articles/20051228.asp for information on detecting a session timeout)

如果您想要更愉快的用户体验，您可以使用 JavaScript 在 X 分钟后启动某种模态 UI 弹出窗口.这个弹出窗口将简单地允许用户启动一个按钮点击，这将触发服务器上的 AJAX 回发，从而扩展他们的身份验证和会话 cookie，而无需重新加载页面.我以前从未实现过，但是看，这家伙做了一个ASP.NET AJAX 控件!

If you want a more pleasant user experience, you could use javascript to initiate some sort of a modal UI popup after X minutes. This popup would simply allow a user to initiate a button-click which would trigger an AJAX postback on the server, thus extending their authentication and session cookie without them having to reload the page. I've never implemented this before but look, this guy made an ASP.NET AJAX control !

这篇关于如何在会话超时或结束时注销用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！