浏览器关闭时会话超时

时间:2014-05-15 16:26:35

标签: c# asp.net-mvc session session-timeout

我正在使用以下代码来检测会话到期时间:

public class SessionActionFilterAttribute : ActionFilterAttribute
{
    /// <summary>Called by the ASP.NET MVC framework before the action method executes.</summary>
    /// <param name="filterContext">The filter context.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // The following code is used for checking if a session has timed out. The default timeout value for ASP.NET is 20mins.
        // The timeout value can be overriden in the Web.config file using the sessionState tag's timeout attribute.
        // <sessionState timeout="5"></sessionState>
        // Check for an existing session.
        if (null != filterContext.HttpContext.Session)
        {
            // Check if we have a new session.
            // IsNewSession cannot discern between: is it a new visitor with fresh session, or an existing visitor with expired session.
            if (filterContext.HttpContext.Session.IsNewSession)
            {
                string cookieHeaders = filterContext.HttpContext.Request.Headers["Cookie"];

                // Check if session has timed out.
                // Does session cookie exist, if so ASP.NET session is expired
                if ((null != cookieHeaders) && (cookieHeaders.IndexOf("ASP.NET_SessionId") >= 0))
                {
                    if (filterContext.HttpContext.Request.IsAuthenticated)
                    {
                        FormsAuthentication.SignOut();
                    }

                    // Redirect to login.
                    filterContext.Result = new RedirectToRouteResult(
                                                                    new RouteValueDictionary 
                                                                    { 
                                                                        { "controller", "Account" }, 
                                                                        { "action", "Index" },
                                                                        { "timeout", "True"}
                                                                    });
                    return;
                }
            }
        }

        // Else continue with action as usual.
        // Session is not expired and function will return false, could be new session, or existing active session
        base.OnActionExecuting(filterContext);
    }
}

哪一项工作正常......

当用户登录并在会话超时之前关闭浏览器(无需注销)...

然后尝试再次查看该站点并在会话超时后重新登录,它会不断重定向到登录页面,即上面的代码认为会话已连续过期,但我猜测为某些原因,cookie仍然是“过期”。

这里有什么我想念的吗?

P.S。我在web.config中使用以下内容

<sessionState timeout="1"></sessionState>

1 个答案:

答案 0 :(得分:0)

Gah ....我在重定向之前添加了以下内容,似乎已经修复了问题....只需要进行一些测试以确保:

if (filterContext.HttpContext.Request.Cookies["ASP.NET_SessionId"] != null)
{
    filterContext.HttpContext.Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddDays(-1);
}

filterContext.HttpContext.Session.Abandon();
相关问题
最新问题