10秒后MVC3会话超时 [英] MVC3 Session timeout after 10 seconds
问题描述
需要一些帮助会话超时问题在ASP.Net Web应用程序。本质上,会话登录到期后约10-15秒。
边注:我使用FormsAuthentication和自定义组合基本保障
我Session.IsNewSession被登录后后3-4良好的回传设置为true。
我的web.config具有以下...
<的sessionState模式=是InProc超时=130regenerateExpiredSessionId =真stateNetworkTimeout =120COM pressionEnabled =真正的无Cookie =UseCookies/ >
<身份验证模式=表格>
<形式超时=120ticketCompatibilityMode =Framework40enableCrossAp predirects =真/>
< /认证>
在哪里我相信超时是指分钟....
我有注册的ActionFilter一个MVC 3应用程序
公共静态无效RegisterGlobalFilters(GlobalFilterCollection过滤器)
{
filters.Add(新MyActionFilterAttribute());
}
在我检查了当前会话prevent访问控制器,未经授权的用户不应该能够访问行动OnActionExecuting。
公共覆盖无效OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext的CTX = HttpContext.Current; Player播放器= SessionHelper.GetCurrentPlayer(filterContext.HttpContext.Session); 如果(玩家== NULL和放大器;&安培;!CTX = NULL)
{
玩家= SessionHelper.GetCurrentPlayer(ctx.Session);
} 如果(玩家== NULL ||
(player.IsAdministrator ==假放;&安培; player.IsCoach ==假放;&安培; player.IsCommittee == FALSE))
{
如果(filterContext.Controller是HomeController的|| filterContext.Controller是的AccountController)
{
base.OnActionExecuting(filterContext);
返回;
} 字符串ctxError = CTX!= NULL? 上下文存在:上下文犯规存在;
字符串sessionError = filterContext.HttpContext.Session!= NULL? filterContext.HttpContext.Session存在:filterContext.HttpContext.Session犯规存在;
字符串requestSessionError = filterContext.RequestContext.HttpContext.Session!= NULL? filterContext.RequestContext.HttpContext.Session存在:filterContext.RequestContext.HttpContext.Session犯规存在; 抛出新SecurityException异常(的String.Format(尝试访问{0}用户{1} - {2}({3},{4},{5}),
filterContext.HttpContext.Request.RawUrl,
filterContext.HttpContext.Request.UserHostAddress,
filterContext.HttpContext.Session,
ctxError,
sessionError,
requestSessionError));
} base.OnActionExecuting(filterContext);
}
所以我确定Web服务器刷新了其程序池比我的寿命会更快。这将导致在同一个的sessionID被使用,但也可以还设置IsNewSession标志
由于我有过程序池寿命我能够保持会话在IIS的是InProc模式。没有控制权
我通过移动会话状态持久性到托管SQLServer数据库,从而使会议尽管程序池被回收坚持解决了这个问题。
我建议任何其他人看到他们,否则稳定的网站,他们没有管理权限的服务器上承载时,失去他们的会话状态的解决方案。
哦,我发现IIS日志为pretty没用在这里。这里最好的诊断记录,我发现,是我自己手动记录来决定,这是该方案。
Need some help with a Session timeout problem in an ASP.Net web app. Essentially the session expires about 10-15 seconds after login.
Side Note: I use a custom combo of FormsAuthentication and basic security
My Session.IsNewSession gets set to true after 3-4 good postbacks after login.
My Web.Config has the following...
<sessionState mode="InProc" timeout="130" regenerateExpiredSessionId="true" stateNetworkTimeout="120" compressionEnabled="true" cookieless="UseCookies" />
<authentication mode="Forms">
<forms timeout="120" ticketCompatibilityMode="Framework40" enableCrossAppRedirects="true" />
</authentication>
Where I believe the timeout refers to minutes....
I have an MVC 3 application with an ActionFilter registered
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new MyActionFilterAttribute());
}
Inside the OnActionExecuting I check for a Current Session to prevent access to controller actions which an unauthorized user shouldn't be able to access.
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext ctx = HttpContext.Current;
Player player = SessionHelper.GetCurrentPlayer(filterContext.HttpContext.Session);
if (player == null && ctx != null)
{
player = SessionHelper.GetCurrentPlayer(ctx.Session);
}
if (player == null ||
(player.IsAdministrator == false && player.IsCoach == false && player.IsCommittee == false))
{
if (filterContext.Controller is HomeController || filterContext.Controller is AccountController)
{
base.OnActionExecuting(filterContext);
return;
}
string ctxError = ctx != null ? "Context Exists" : "Context Doesnt Exist";
string sessionError = filterContext.HttpContext.Session != null ? "filterContext.HttpContext.Session Exists" : "filterContext.HttpContext.Session Doesnt Exist";
string requestSessionError = filterContext.RequestContext.HttpContext.Session != null ? "filterContext.RequestContext.HttpContext.Session Exists" : "filterContext.RequestContext.HttpContext.Session Doesnt Exist";
throw new SecurityException(string.Format("Attempt to access {0} by user at {1} - {2} ({3}, {4}, {5})",
filterContext.HttpContext.Request.RawUrl,
filterContext.HttpContext.Request.UserHostAddress,
filterContext.HttpContext.Session,
ctxError,
sessionError,
requestSessionError));
}
base.OnActionExecuting(filterContext);
}
So I've determined that the Web Server was refreshing its AppPool faster than my session lifespan. This would result in the same SessionId to be used, but the IsNewSession flag to be set also.
As I have no control over the AppPool lifespan I was able to keep the session in the InProc mode in IIS.
I resolved the issue by moving Session State persistance to a hosted SqlServer database, thereby allowing the session to persist despite the AppPool being recycled.
I'd recommend the solution for any other person seeing their otherwise stable website losing their session state when hosted on a server which they do not have administrative access to.
Oh, and I found that IIS logs were pretty useless here. The best diagnosis logging here, I found, was my own manual logging to determine that this was the scenario.
这篇关于10秒后MVC3会话超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
