会话过期属性不会被触发在服务器上
问题描述:
我正试图跟踪会话过期,并且当应用程序在我的开发PC上运行时,一切工作正常。但它不像预期的那样在活动服务器上工作。我已经重新启动服务器,但没有运气!我在Windows Server 2012(Windows Azure虚拟机)和IIS 8上运行。会话过期属性不会被触发在服务器上
我收到基于其操作被触发的控制器的类似错误。由于控制器初始化失败,因为会话过期时会话变量_connectionstring为空,所以会生成错误。
如果我将sessionState更改为1,并将超时值设置为2,然后重定向在服务器和开发环境中都完美工作。奇怪!!
我的问题是为什么动作过滤器错过了在现场服务器环境中的行为?它在开发环境下完美无瑕。我在这里错过了什么?
以下是我的代码。
的Web.Config:
<system.web>
<sessionState mode="InProc" timeout="20" />
<authentication mode="Forms">
<forms loginUrl="~/Auth/Login" timeout="25" slidingExpiration="true" />
</authentication>
</system.web>
过滤配置:
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new SessionExpireFilterAttribute());
filters.Add(new LocsAuthorizeAttribute());
}
}
过滤器:
public class SessionExpireFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(SkipActionFilterAttribute), false).Any())
{
return;
}
HttpContextBase ctx = filterContext.HttpContext;
//HttpContext ctx = HttpContext.Current;
// check if session is supported
if (ctx.Session != null)
{
// check if a new session id was generated
if (ctx.Session.IsNewSession)
{
// If it says it is a new session, but an existing cookie exists, then it must
// have timed out
string sessionCookie = ctx.Request.Headers["Cookie"];
if ((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0))
{
if (filterContext.HttpContext.Request.IsAjaxRequest())
{
// For AJAX requests, we're overriding the returned JSON result with a simple string,
// indicating to the calling JavaScript code that a redirect should be performed.
filterContext.Result = new JsonResult { Data = "_Logon_" };
}
else
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary {
{ "action", "SessionTimeout" },
{ "controller", "Session" }});
}
}
}
}
base.OnActionExecuting(filterContext);
}
}
//[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class LocsAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(SkipActionFilterAttribute), false).Any())
{
return;
}
HttpContext ctx = HttpContext.Current;
// If the browser session has expired...
if (ctx.Session["UserName"] == null)
{
if (filterContext.HttpContext.Request.IsAjaxRequest())
{
// For AJAX requests, we're overriding the returned JSON result with a simple string,
// indicating to the calling JavaScript code that a redirect should be performed.
filterContext.Result = new JsonResult { Data = "_Logon_" };
}
else
{
// For round-trip posts, we're forcing a redirect to Home/TimeoutRedirect/, which
// simply displays a temporary 5 second notification that they have timed out, and
// will, in turn, redirect to the logon page.
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary {
{ "action", "SessionTimeout" },
{ "controller", "Session" }});
}
}
else if (filterContext.HttpContext.Request.IsAuthenticated)
{
// Otherwise the reason we got here was because the user didn't have access rights to the
// operation, and a 403 should be returned.
filterContext.Result = new HttpStatusCodeResult(403);
}
else
{
base.HandleUnauthorizedRequest(filterContext);
}
}
}
public class SkipActionFilterAttribute : Attribute
{
}
答
最后我发现不当行为的原因。
我的操作过滤器不作为IIS>应用程序池>高级设置>空闲超时(分钟)设置触发我的会话状态之前达到超时。默认值为20.
将该值设置为0将禁用IIS idel超时。
答
它会给出错误
错误:无效的会话超时参数值。输入一个正整数小于或等于500000
你可以尝试
if ((Session["project"] == null) && (Session["User"] == null) && (Label1.Text == "Label") && (Label2.Text == "Label"))
{
Session.Abandon();
Response.Redirect("Default.aspx");
}
else
{
if ((Session["User"] == null) || (Session["project"] == null))
{
Session["project"] = Label1.Text;
Session["User"] = Label2.Text;
}
if ((Label1.Text == "Label") || (Label2.Text == "Label"))
{
Label1.Text = Session["project"].ToString();
Label2.Text = Session["User"].ToString();
}
}
,让你认证方式为None而不是窗口从IIS> Asp.net设置>身份验证模式
我会猜测你在本地使用Visual Studio开发服务器,在服务器上使用IIS。我猜测这种会话使用模式取决于事件的流水线顺序,而当IIS执行此操作时会话不存在,因为默认情况下IIS处于集成模式。尝试更改为Classic,或更改使用Session的方式,以便它与Integrated一起使用。 – MatthewMartin 2014-11-06 20:52:09
另外,我认为有人下了选票,因为这个问题有点太多了。 – MatthewMartin 2014-11-06 20:52:43
是的,我在本地运行VS 2013 dev服务器。 “会话尚未存在”是什么意思?应用程序运行顺利,直到会话过期。此外,当我设置非常短的会话超时(如1或2)时,它在服务器上正常运行。但是,如果我离开网页超过30分钟,操作属性不再触发。 – ecasper 2014-11-06 22:19:20