如何推进ServiceStack会话超时 [英] How to advance the session timeout in ServiceStack
问题描述
认证,资料库和缓存中ServiceStack供应商提供了一个简单的方法来登录会话添加到Web应用程序,几乎没有额外的代码。我发现了一个身份验证提供会话超时可配置,例如:
<预类=郎-CS prettyprint-覆盖>
新CredentialsAuthProvider {SessionExpiry = TimeSpan.FromMinutes(10)}
这提供了从登陆点到期。如果我们正在开发必须注销用户很短的时间后,一个安全的系统的话,就要2周的默认更改为类似上面的例子。但是这具有从在用户登录10分钟将不管他们是否仍然与应用程序交互踢出的问题。
有一个简单的方法来告诉会话提供延长到期时间服务被称为是什么时候?
在理想情况下它将使我们能够为特定的服务/请求(延长会话,从而使会话只延长当用户积极与应用程序交互,因此查询服务可以被忽略)。
更新
根据由mythz给出的答案,我们现在有一个简单的解决方案,通过扩展ResponseFilterAttribute <提供控制的,我们要求的水平/ A>
的 ServiceStack 不支持滑会话过期自动呢。你基本上需要重置每一个成功的请求的会话高速缓存条目。例如,你可以有一个响应滤波器(因为他们只是对认证的请求执行)的重新保存,将有扩大的效果它的到期时间是终生会话:
VAR userSession = httpReq.GetSession();
httpReq.SaveSession(userSession,slidingExpiryTimeSpan);
如果你知道你正在使用的缓存供应商,例如Redis的您无需重新阅读该条目手动更新到期超时,例如:
VAR sessionKey = SessionFeature.GetSessionKey(httpReq。 GetSessionId());
redis.ExpireEntryIn(sessionKey,slidingExpiry); //瓮:iauthsession:{}的sessionId
The authentication, repository and caching providers in ServiceStack provide a simple way to add login sessions to a web application with almost no additional code. I have found that the session timeout for an authentication provider can be configured, for example:
new CredentialsAuthProvider { SessionExpiry = TimeSpan.FromMinutes(10) }
This provides an expiry from the point of login. If we are developing a secure system that must log a user out after a short time then we would change this from the default of 2 weeks to something like the example above. But this has the problem that 10 minutes from logging in the user will be kicked out regardless of whether or not they are still interacting with the application.
Is there a simple way to tell the session provider to extend the expiry time when services are called?
Ideally it would allow us to extend the session for specific services/requests (so that the session is only extended when the user actively interacts with the application and therefore polled services can be ignored).
Update
Based on the answer given by mythz we now have a simple solution that provides the level of control we require by extending the ResponseFilterAttribute.
ServiceStack doesn't support "sliding session expiration" automatically yet. You would basically need to reset the session cache entry on every successful request. i.e. you could have a response filter (since they're only executed for authenticated requests) that re-saves the session that will have the effect of extending it's life-time by the expiry time:
var userSession = httpReq.GetSession();
httpReq.SaveSession(userSession, slidingExpiryTimeSpan);
If you know what caching provider you're using, e.g. Redis you can manually update the expiry timeout without re-reading the entry, e.g:
var sessionKey = SessionFeature.GetSessionKey(httpReq.GetSessionId());
redis.ExpireEntryIn(sessionKey, slidingExpiry); //"urn:iauthsession:{sessionId}"
这篇关于如何推进ServiceStack会话超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
