【发布时间】:2014-05-15 16:26:35
【问题描述】:
我正在使用以下代码来检测会话到期:
public class SessionActionFilterAttribute : ActionFilterAttribute
{
/// <summary>Called by the ASP.NET MVC framework before the action method executes.</summary>
/// <param name="filterContext">The filter context.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
// The following code is used for checking if a session has timed out. The default timeout value for ASP.NET is 20mins.
// The timeout value can be overriden in the Web.config file using the sessionState tag's timeout attribute.
// <sessionState timeout="5"></sessionState>
// Check for an existing session.
if (null != filterContext.HttpContext.Session)
{
// Check if we have a new session.
// IsNewSession cannot discern between: is it a new visitor with fresh session, or an existing visitor with expired session.
if (filterContext.HttpContext.Session.IsNewSession)
{
string cookieHeaders = filterContext.HttpContext.Request.Headers["Cookie"];
// Check if session has timed out.
// Does session cookie exist, if so ASP.NET session is expired
if ((null != cookieHeaders) && (cookieHeaders.IndexOf("ASP.NET_SessionId") >= 0))
{
if (filterContext.HttpContext.Request.IsAuthenticated)
{
FormsAuthentication.SignOut();
}
// Redirect to login.
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "controller", "Account" },
{ "action", "Index" },
{ "timeout", "True"}
});
return;
}
}
}
// Else continue with action as usual.
// Session is not expired and function will return false, could be new session, or existing active session
base.OnActionExecuting(filterContext);
}
}
这在某种程度上可以正常工作......
当用户登录并在会话超时之前关闭浏览器(不注销)...
然后尝试再次查看该站点并在会话超时后重新登录它会不断重定向到登录页面,即上面的代码认为会话已连续过期,但我猜是为了由于某种原因,cookie 仍然“过期”。
这里有什么我遗漏的吗?
附:我在 web.config 中使用以下内容
<sessionState timeout="1"></sessionState>
【问题讨论】:
标签: c# asp.net-mvc session session-timeout