C# MVC3会话在10秒后超时
需要有关ASP.Net web应用中会话超时问题的帮助。本质上,会话在登录后大约10-15秒过期 旁注:我使用FormsAuthentication和基本安全性的自定义组合 My Session.IsNewSession在登录后3-4次良好回发后设置为true 我的Web.Config有以下内容C# MVC3会话在10秒后超时,c#,asp.net-mvc-3,forms-authentication,session-state,session-timeout,C#,Asp.net Mvc 3,Forms Authentication,Session State,Session Timeout,需要有关ASP.Net web应用中会话超时问题的帮助。本质上,会话在登录后大约10-15秒过期 旁注:我使用FormsAuthentication和基本安全性的自定义组合 My Session.IsNewSession在登录后3-4次良好回发后设置为true 我的Web.Config有以下内容 <sessionState mode="InProc" timeout="130" regenerateExpiredSessionId="true" stateNetworkTimeout="1
<sessionState mode="InProc" timeout="130" regenerateExpiredSessionId="true" stateNetworkTimeout="120" compressionEnabled="true" cookieless="UseCookies" />
<authentication mode="Forms">
<forms timeout="120" ticketCompatibilityMode="Framework40" enableCrossAppRedirects="true" />
</authentication>
在OnActionExecuting中,我检查当前会话,以防止未经授权的用户无法访问控制器操作
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext ctx = HttpContext.Current;
Player player = SessionHelper.GetCurrentPlayer(filterContext.HttpContext.Session);
if (player == null && ctx != null)
{
player = SessionHelper.GetCurrentPlayer(ctx.Session);
}
if (player == null ||
(player.IsAdministrator == false && player.IsCoach == false && player.IsCommittee == false))
{
if (filterContext.Controller is HomeController || filterContext.Controller is AccountController)
{
base.OnActionExecuting(filterContext);
return;
}
string ctxError = ctx != null ? "Context Exists" : "Context Doesnt Exist";
string sessionError = filterContext.HttpContext.Session != null ? "filterContext.HttpContext.Session Exists" : "filterContext.HttpContext.Session Doesnt Exist";
string requestSessionError = filterContext.RequestContext.HttpContext.Session != null ? "filterContext.RequestContext.HttpContext.Session Exists" : "filterContext.RequestContext.HttpContext.Session Doesnt Exist";
throw new SecurityException(string.Format("Attempt to access {0} by user at {1} - {2} ({3}, {4}, {5})",
filterContext.HttpContext.Request.RawUrl,
filterContext.HttpContext.Request.UserHostAddress,
filterContext.HttpContext.Session,
ctxError,
sessionError,
requestSessionError));
}
base.OnActionExecuting(filterContext);
}
因此,我确定Web服务器刷新其应用程序池的速度快于我的会话寿命。这将导致使用相同的SessionId,但也要设置IsNewSession标志 由于我无法控制AppPool的生命周期,因此我能够在IIS中将会话保持在InProc模式 我通过将会话状态持久性移动到托管的SqlServer数据库来解决这个问题,从而允许会话持久化,尽管AppPool被回收 我建议任何其他人看到他们原本稳定的网站在托管在没有管理权限的服务器上时会丢失会话状态时,都可以使用该解决方案
哦,我发现IIS日志在这里非常无用。我发现,这里最好的诊断日志记录是我自己的手动日志记录,以确定这是一个场景。为什么要使用会话检查授权?感谢分享。由于这个问题,
@Html.AntiForgeryToken()
也不起作用,它使找到真正的问题成为一个挑战,因为您认为防伪的东西有问题。找到根本原因是非常令人沮丧的,但是在不同的服务器上部署程序是很有帮助的。
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext ctx = HttpContext.Current;
Player player = SessionHelper.GetCurrentPlayer(filterContext.HttpContext.Session);
if (player == null && ctx != null)
{
player = SessionHelper.GetCurrentPlayer(ctx.Session);
}
if (player == null ||
(player.IsAdministrator == false && player.IsCoach == false && player.IsCommittee == false))
{
if (filterContext.Controller is HomeController || filterContext.Controller is AccountController)
{
base.OnActionExecuting(filterContext);
return;
}
string ctxError = ctx != null ? "Context Exists" : "Context Doesnt Exist";
string sessionError = filterContext.HttpContext.Session != null ? "filterContext.HttpContext.Session Exists" : "filterContext.HttpContext.Session Doesnt Exist";
string requestSessionError = filterContext.RequestContext.HttpContext.Session != null ? "filterContext.RequestContext.HttpContext.Session Exists" : "filterContext.RequestContext.HttpContext.Session Doesnt Exist";
throw new SecurityException(string.Format("Attempt to access {0} by user at {1} - {2} ({3}, {4}, {5})",
filterContext.HttpContext.Request.RawUrl,
filterContext.HttpContext.Request.UserHostAddress,
filterContext.HttpContext.Session,
ctxError,
sessionError,
requestSessionError));
}
base.OnActionExecuting(filterContext);
}