I'm building a system using JQuery and AJAX calls to classic ASP pages which handle the server stuff.
我正在构建一个使用JQuery和AJAX调用处理服务器内容的经典ASP页面的系统。
This system requires a user to be logged in. I'm using the session to store the username.
这个系统要求用户登录。我使用会话来存储用户名。
The problem is that the session times out after the default 20 mins and users are being redirected to the sign in page. I'm assuming that for some reason the AJAX calls are not maintaining the session.
问题是,在默认的20分钟后,会话超时,用户被重定向到页面上的标志。我假设出于某种原因,AJAX调用没有维护会话。
Here's how I'm doing things:
我是这样做的:
When the user logs in I post an AJAX call as follows:
当用户登录时,我发布如下的AJAX调用:
$.ajax({
type: "POST",
url: "admin/ajax/signin.asp",
data: {
'username': username,
'userpassword': userpassword
},
cache: false,
success: function(data, textStatus, jqXHR) {
if (jqXHR.getResponseHeader('REQUIRES_AUTH') === '1'){
$('#failed').show();
}
else {
location.href = "admin/"
}
}
});
signin.asp checks the users details against the database, if ok this page stores the username in a session variable.
signin。如果确定此页面将用户名存储在会话变量中,那么asp将根据数据库检查用户详细信息。
Session("userid") = Request("username")
The user is now logged in.
用户现在已登录。
Whilst the user is using the system every page checks the REQUIRES_AUTH header on every AJAX request and handles the logout redirection as follows:
当用户使用系统时,每个页面检查每个AJAX请求上的REQUIRES_AUTH头,并处理注销重定向如下:
/* Check user logged in on every ajax request */
$('body').ajaxComplete(function(event,request,settings){
if (request.getResponseHeader('REQUIRES_AUTH') === '1'){
location.href="../signin.html"
};
});
/* End */
Every ASP page that is called using an AJAX post does a check on the session, if it's not there then it sets the REQUIRES_AUTH header as follows:
每一个使用AJAX post调用的ASP页面都会对会话进行检查,如果没有的话,它会设置REQUIRES_AUTH头如下所示:
If (trim(Session("userid")) = "") Then
'No session so clear variable
Session.Contents.Remove("userid")
'Redirect to Login page
Response.AddHeader "REQUIRES_AUTH", "1"
Else
Session("userid") = Session("userid")
End If
I made the assumption that using Session("userid") = Session("userid") and the fact that I'm calling an ASP page which does something on the server would be enough to maintain the session but it appears not, all advice greatly appreciated. Do I have something fundamentally wrong?
我假设使用会话(“userid”)=会话(“userid”),并调用一个在服务器上执行某些操作的ASP页面,这足以维护会话,但似乎还不够,因此非常感谢所有的建议。我有什么根本的错误吗?
2 个解决方案
#1
1
you can set an auto refresh in JavaScript every 15 min with a hidden count down or pass a unique token in your client site javascript
您可以使用隐藏的计数每15分钟在JavaScript中设置一次自动刷新,或者在客户端站点JavaScript中传递一个唯一的令牌
#2
0
Unfortunately there is no sliding expiration in classic asp sessions. I can figure out two suggestion:
不幸的是,在经典的asp会话中没有滑动过期。我能想出两个建议:
- Use a cookie in place of the session to identify the user. Maybe the hash of the User Id will be suitable.
- 使用cookie代替会话来标识用户。也许用户Id的散列是合适的。
- Extend the
Session.Timeoutvalue for something larger than 20 min. - 延长会话。大于20分钟的值的超时值。
#1
1
you can set an auto refresh in JavaScript every 15 min with a hidden count down or pass a unique token in your client site javascript
您可以使用隐藏的计数每15分钟在JavaScript中设置一次自动刷新,或者在客户端站点JavaScript中传递一个唯一的令牌
#2
0
Unfortunately there is no sliding expiration in classic asp sessions. I can figure out two suggestion:
不幸的是,在经典的asp会话中没有滑动过期。我能想出两个建议:
- Use a cookie in place of the session to identify the user. Maybe the hash of the User Id will be suitable.
- 使用cookie代替会话来标识用户。也许用户Id的散列是合适的。
- Extend the
Session.Timeoutvalue for something larger than 20 min. - 延长会话。大于20分钟的值的超时值。