ASP.NET MVC会话过期 [英] ASP.NET MVC Session Expiration

问题描述

我们有一个内部的ASP.NET MVC应用程序需要登录。登录的伟大工程，做什么的期望。我们有15分钟的会话过期。坐在一个单页上的那一段时间后，用户丢失会话。如果他们尝试刷新当前页面或浏览到另一个，他们将获得一个登录页面。我们保持他们的请求存储所以一旦他们已经登录，他们可以继续为他们所要求的网页。这个伟大的工程。

We have an internal ASP.NET MVC application that requires a logon. Log on works great and does what's expected. We have a session expiration of 15 minutes. After sitting on a single page for that period of time, the user has lost the session. If they attempt to refresh the current page or browse to another, they will get a log on page. We keep their request stored so once they've logged in they can continue on to the page that they've requested. This works great.

不过，我的问题是，在一些网页上有AJAX调用。例如，他们可以填写一张表格的一部分，离开，而且让他们的会话过期。当他们回来时，仍显示在屏幕上。如果他们只需填写在一个盒子里（这将使一个AJAX调用）的AJAX调用将返回登录页面（无论DIV的AJAX应该有简单的内部选举产生的实际效果）。这看起来太可怕了。

However, my issue is that on some pages there are AJAX calls. For example, they may fill out part of a form, wander off and let their session expire. When they come back, the screen is still displayed. If they simply fill in a box (which will make an AJAX call) the AJAX call will return the Logon page (inside of whatever div the AJAX should have simply returned the actual results). This looks horrible.

我认为溶液是使页面本身到期（使得当会话终止时，它们会自动被而不通过它们任何动作返回到登录屏幕）。但是，我不知道是否有关于如何最好地实现这个专门在ASP.NET MVC关于最佳做法的意见/想法。

I think that the solution is to make the page itself expire (so that when a session is terminated, they automatically are returned to the logon screen without any action by them). However, I'm wondering if there are opinions/ideas on how best to implement this specifically in regards to best practices in ASP.NET MVC.

更新：

所以，我说干就干，在实施本我的 OnActionExecuting （每Keltex的建议）

So I went ahead and implemented this in my OnActionExecuting (per Keltex's suggestion)

  if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
  {
    if (filterContext.HttpContext.Request.IsAjaxRequest())
    {
      filterContext.HttpContext.Response.Write("Invalid session -- please login!");
      filterContext.HttpContext.Response.End();
    }
    else
    {
      ...
    }
  }

这绝对会让事情变得更好 - 现在，即使他们有两个选项卡（一个与一些AJAX调用，他们可以触发），他们在第二个选项卡明确退出，他们会立刻得到的东西更有意义，而不是一堆搞砸了AJAX的数据。

This definitely makes things better -- now even if they have two tabs (one with some AJAX calls that they can trigger) and they log out explicitly in the second tab, they will immediately get something that makes more sense rather than a bunch of screwed up AJAX data.

我仍然认为我会执行Javascript的倒计时，以及该womp建议。

I still think I will implement the Javascript countdown as well that womp suggested.

推荐答案

具体而言，我不知道有关于它的任何的最佳做法，但我这样做是正确的，现在我们的应用程序。我们已经选择了一个客户端解决方案，我们输出的会话超时值转换成母版页一些javascript，并计算出该日的会议将结束。​​

Specifically, I don't know that there are any best practices regarding it, but I'm doing this right now for our app. We've opted for a client-side solution where we output the Session timeout value into some javascript in the master page, and calculate when the session will expire.

5分钟，我们就弹出一个模式对话框，说：你还在吗？有一个倒数计时器。一旦定时器命中0:00，我们将浏览器重定向到登录页面。

5 minutes before-hand, we pop up a modal dialog box saying "Are you still there?" with a countdown timer. Once the timer hits 0:00, we redirect the browser to the login page.

它的JavaScript最少量的做时间和定时器的计算，和一个简单的ashx的处理程序，如果用户点击，这将刷新会议实施了我回来了！在对话框之前会话过期。这样，如果他们返回的时候，就可以刷新会话，而无需任何导航。

It's implemented with a minimal amount of javascript to do the time and timer calculations, and a simple .ashx handler that will refresh the session if the user clicks "I'm back!" on the dialog box before the session expires. That way if they return in time, they can refresh the session without any navigation.

这篇关于ASP.NET MVC会话过期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！