I'm currently working on a ASP.Net 3.5 project and trying to implement session timeout detection. I know how to do it with enabled session cookies, but without i'm totally lost.
我目前正在开发ASP。Net 3.5项目并尝试实现会话超时检测。我知道如何使用启用会话cookie,但如果没有它,我将完全迷失。
When session timeout occurs i want to redirect the user to some custom page.
当会话超时发生时,我希望将用户重定向到某个自定义页面。
Can someone explain me how to do it?
有人能解释一下怎么做吗?
My cookie based solution looks like this and i wan't to reproduce its behaviour:
我的基于cookie的解决方案看起来是这样的,我不想再现它的行为:
if (Session.IsNewSession && (Request.Cookies["ASP.NET_SessionId"] != null))
Response.Redirect("...");
5 个解决方案
#1
2
Session_End in the global.asax should always be fired, despite the type of session used.
Session_End在全球。尽管使用的会话类型不同,asax应该始终被解雇。
-edit: you might also be interested in
你可能也感兴趣
Session.IsNewSession
as this gives you information on new requests whether the previous session could have been timed out.
因为这将为您提供关于新请求的信息,以确定上一个会话是否已经超时。
#2
2
It looks like i've found a solution. I'm not very happy with it, but for the moment it works.
看来我找到了解决办法。我对它不太满意,但就目前而言,它起作用了。
I've added a hidden field to my page markup
我在页面标记中添加了一个隐藏字段。
<asp:HiddenField ID="sessionID" runat="server" />
and following code to my CodeBehind
并跟随代码到我的代码后面
public void Page_Load(object sender, EventArgs eventArgs)
{
if (Context.Session != null) {
if (Context.Session.IsNewSession) {
if (!string.IsNullOrEmpty(sessionID.Value)) {
Response.Redirect("~/Timeout.aspx")
}
}
sessionID.Value = Context.Session.SessionID;
}
}
You also need to add this to your Web.config or ASP ignores all posted form fields
您还需要将其添加到Web中。配置或ASP会忽略所有已发布的表单字段
<sessionState cookieless="true" regenerateExpiredSessionId="false"/>
regenerateExpiredSessionId is the important attribute.
regenerateExpiredSessionId是重要的属性。
#3
0
It pretty much works the same way - the session service updates a timestamp every time ASP.NET receives a request with that session ID in the URL. When the current time is > n over the timestamp, the session expires.
它的工作方式基本相同——会话服务每次都会更新一个时间戳。NET在URL中接收一个带有该会话ID的请求。当当前时间是>n除以时间戳时,会话将过期。
If you put something in session and check to see if it's there on each request, if it is not, you know the session is fresh (replacing an expired one or a new user).
如果您将一些内容放入会话中,并检查它在每个请求中是否存在,如果没有,您就知道会话是新的(替换过期的或新用户)。
#4
0
I'd take a look at the "Database" section of AnthonyWJones' answer to a similar question here:
我想看一下AnthonyWJones的“数据库”一节,回答一个类似的问题:
ASP。Net会话超时检测:Is会话。会话和SessionCookie检测是最好的方法吗?
In your session start event, you should be able to check a database for the existence of the SessionID - I assume that if I request a page with the SessionID in the URL, then that is the SessionID that I'll use - I've not tested that.
在您的会话启动事件中,您应该能够检查一个数据库是否存在SessionID——我假设如果我请求URL中带有SessionID的页面,那么这就是我将要使用的SessionID——我还没有测试过它。
You should make sure you clear this DB down when a user logs out manually to ensure that you store a new instance of your flag.
您应该确保在用户手动注销时清除此DB,以确保您存储了标志的新实例。
#5
-1
If you don't like Session_End, you can try a very quick and dirty solution. Set up a Session["Foo"] value in Session_Start in global.asax, then check for Session["Foo"] in your page. If is null, the session is expired..
如果您不喜欢Session_End,您可以尝试一种非常快速、非常脏的解决方案。在全局的Session_Start中设置会话[“Foo”]值。asax,然后在你的页面中检查会话[“Foo”]。如果是null,会话就过期了。
This is one of the solutions proposed in the Nikhil's Blog. Check it.
这是Nikhil博客中提出的解决方案之一。检查它。
#1
2
Session_End in the global.asax should always be fired, despite the type of session used.
Session_End在全球。尽管使用的会话类型不同,asax应该始终被解雇。
-edit: you might also be interested in
你可能也感兴趣
Session.IsNewSession
as this gives you information on new requests whether the previous session could have been timed out.
因为这将为您提供关于新请求的信息,以确定上一个会话是否已经超时。
#2
2
It looks like i've found a solution. I'm not very happy with it, but for the moment it works.
看来我找到了解决办法。我对它不太满意,但就目前而言,它起作用了。
I've added a hidden field to my page markup
我在页面标记中添加了一个隐藏字段。
<asp:HiddenField ID="sessionID" runat="server" />
and following code to my CodeBehind
并跟随代码到我的代码后面
public void Page_Load(object sender, EventArgs eventArgs)
{
if (Context.Session != null) {
if (Context.Session.IsNewSession) {
if (!string.IsNullOrEmpty(sessionID.Value)) {
Response.Redirect("~/Timeout.aspx")
}
}
sessionID.Value = Context.Session.SessionID;
}
}
You also need to add this to your Web.config or ASP ignores all posted form fields
您还需要将其添加到Web中。配置或ASP会忽略所有已发布的表单字段
<sessionState cookieless="true" regenerateExpiredSessionId="false"/>
regenerateExpiredSessionId is the important attribute.
regenerateExpiredSessionId是重要的属性。
#3
0
It pretty much works the same way - the session service updates a timestamp every time ASP.NET receives a request with that session ID in the URL. When the current time is > n over the timestamp, the session expires.
它的工作方式基本相同——会话服务每次都会更新一个时间戳。NET在URL中接收一个带有该会话ID的请求。当当前时间是>n除以时间戳时,会话将过期。
If you put something in session and check to see if it's there on each request, if it is not, you know the session is fresh (replacing an expired one or a new user).
如果您将一些内容放入会话中,并检查它在每个请求中是否存在,如果没有,您就知道会话是新的(替换过期的或新用户)。
#4
0
I'd take a look at the "Database" section of AnthonyWJones' answer to a similar question here:
我想看一下AnthonyWJones的“数据库”一节,回答一个类似的问题:
ASP。Net会话超时检测:Is会话。会话和SessionCookie检测是最好的方法吗?
In your session start event, you should be able to check a database for the existence of the SessionID - I assume that if I request a page with the SessionID in the URL, then that is the SessionID that I'll use - I've not tested that.
在您的会话启动事件中,您应该能够检查一个数据库是否存在SessionID——我假设如果我请求URL中带有SessionID的页面,那么这就是我将要使用的SessionID——我还没有测试过它。
You should make sure you clear this DB down when a user logs out manually to ensure that you store a new instance of your flag.
您应该确保在用户手动注销时清除此DB,以确保您存储了标志的新实例。
#5
-1
If you don't like Session_End, you can try a very quick and dirty solution. Set up a Session["Foo"] value in Session_Start in global.asax, then check for Session["Foo"] in your page. If is null, the session is expired..
如果您不喜欢Session_End,您可以尝试一种非常快速、非常脏的解决方案。在全局的Session_Start中设置会话[“Foo”]值。asax,然后在你的页面中检查会话[“Foo”]。如果是null,会话就过期了。
This is one of the solutions proposed in the Nikhil's Blog. Check it.
这是Nikhil博客中提出的解决方案之一。检查它。