在 asp.net mvc4 中设置会话超时?
Setting session timeout in asp.net mvc4?
简而言之,我想在会话 expires.For 时显示登录页面,我在 web.config 中修改了一些细节,如下所示,以便我可以测试逻辑是否 works.But 可悲下面的逻辑没有触发
我的期望是在会话到期时进入 Account Controller 中的 Login Action。
还有 authentication section 和 session state 部分的超时有什么区别
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" />
</authentication>
<sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
您可以使用如下自定义属性来实现:
public class SessionTimeOutAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext context = HttpContext.Current;
// check if session supported
if ( context.Session != null ) {
if( context.Session["username"] == null ) {
context.Response.Redirect ( "~/Account/Login" );
}
}
base.OnActionExecuting(filterContext);
}
}
然后您可以将此属性应用于您的控制器或特定操作,例如:
[SessionTimeOut]
public class HomeController : Controller
{
}
或行动:
[SessionTimeOut]
public ActionResult Index()
{
return Index();
}
根据this回答,这些超时属性的基本区别是:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" />
</authentication>
"The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid"
<sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
"The SessionState timeout value sets the amount of time a Session State provider is required to hold data in memory (or whatever backing store is being used, SQL Server, OutOfProc, etc) for a particular session."
您是否在 RegisterGlobalFilters 中注册了授权过滤器?
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new AuthorizeAttribute());
}
并且还为您的控制器配置了 [Authorize] 注释?
简而言之,我想在会话 expires.For 时显示登录页面,我在 web.config 中修改了一些细节,如下所示,以便我可以测试逻辑是否 works.But 可悲下面的逻辑没有触发
我的期望是在会话到期时进入 Account Controller 中的 Login Action。
还有 authentication section 和 session state 部分的超时有什么区别
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" />
</authentication>
<sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
您可以使用如下自定义属性来实现:
public class SessionTimeOutAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext context = HttpContext.Current;
// check if session supported
if ( context.Session != null ) {
if( context.Session["username"] == null ) {
context.Response.Redirect ( "~/Account/Login" );
}
}
base.OnActionExecuting(filterContext);
}
}
然后您可以将此属性应用于您的控制器或特定操作,例如:
[SessionTimeOut]
public class HomeController : Controller
{
}
或行动:
[SessionTimeOut]
public ActionResult Index()
{
return Index();
}
根据this回答,这些超时属性的基本区别是:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="1" />
</authentication>
"The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid"
<sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>
"The SessionState timeout value sets the amount of time a Session State provider is required to hold data in memory (or whatever backing store is being used, SQL Server, OutOfProc, etc) for a particular session."
您是否在 RegisterGlobalFilters 中注册了授权过滤器?
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new AuthorizeAttribute());
}
并且还为您的控制器配置了 [Authorize] 注释?