会话过期和权威性剩下的饼干 [英] Session expiring and auth cookie remaining
问题描述
我在哪里我的会话过期的问题,
I'm having an issue where my session is expiring,
Session["UserId"] = userId;
但身份验证cookie仍然存在,因此[授权]属性仍然允许用户直到系统尝试读取会话变量和错误了导航系统。空例外
but the authentication cookie is still there so the [authorize] attribute is still allowing the user to navigate the system until the system tries to read the session variables and errors out. Null exception
是否有关于如何使AUTH的cookie走开当会话过期有什么想法?我当然AP preciate作为我新的ASP.NET MVC任何见解3。
Are there any thoughts on how to make the auth cookie go away when the session expires? I would certainly appreciate any insight as I am new to ASP.NET MVC 3.
推荐答案
有很多方法可以做到这一点。这里只是一个想法。
There are many ways you can do this. Here is just one idea.
public class ControllerBase : Controller
{
public ControllerBase()
: base()
{
this.VerifySession();
}
/// <summary>
/// Indicates whether the session must be active and contain a valid customer.
/// </summary>
protected virtual bool RequiresActiveSession
{
get { return true; }
}
public void VerifySession()
{
if (this.RequiresActiveSession && Session["UserId"] == null)
{
Response.Redirect(Url.Action("LoginPage"));
}
}
}
public class HomeController : ControllerBase
{
protected override bool RequiresActiveSession
{
get
{
return true;
}
}
public ActionResult Index()
{
return View();
}
}
基本上,你有一个控制器基地,将处理验证会话。而且,从它继承任何控制器可以指定,如果要验证会话与否。
Basically you have a controller base which will handle validating the session. And any controller that inherits from it can specify if it wants to validate the session or not.
或
您可以创建一个自定义行动过滤器它允许你属性控制器或行动和执行你的控制器操作之前,钩子上code进入的处理管道。
you could create a custom Action Filter which allows you to attribute your controller or actions and hook your code into the processing pipeline of before executing your controllers actions.
这篇关于会话过期和权威性剩下的饼干的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
