我在每个操作上使用SessionExpireFilter来检查会话是否已过期。如果会话已过期,则会将用户重定向到sessionTimeoutPage,即到membershipController和SessionTimeOut View
过滤器看起来像 -
public class SessionExpireFilterAttribute : ActionFilterAttribute
{
/// <summary>
/// Called when [action executing].
/// </summary>
/// <param name="filterContext">The filter context.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext ctx = HttpContext.Current;
// check if session is supported
if (ctx.Session != null)
{
// check if a new session id was generated
if (ctx.Session.IsNewSession)
{
// If it says it is a new session, but an existing cookie exists, then it must
// have timed out
string sessionCookie = ctx.Request.Headers["Cookie"];
if ((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0))
{
if (ctx.Request.IsAuthenticated)
{
FormsAuthentication.SignOut();
}
//HttpCookie mycookie = new HttpCookie("ASP.NET_SessionId");
//mycookie.Expires = DateTime.MinValue;
//ctx.Response.Cookies.Add(mycookie);
//ctx.Session.Clear();
RouteValueDictionary redirectTargetDictionary = new RouteValueDictionary();
redirectTargetDictionary.Add("action", "SessionTimeOut");
redirectTargetDictionary.Add("controller", "Membership");
filterContext.Result = new RedirectToRouteResult(redirectTargetDictionary);
}
}
}
base.OnActionExecuting(filterContext);
}
}
问题是我有一个会员控制器登录操作方法,它也有该过滤器。它检查会话是否过期并始终找到ASP.NET_SessionId cookie并一次又一次地重定向到sessionTimeout页面(其中有一个指向登录页面的链接)
有人可以提供帮助。
答案 0 :(得分:0)
要使此解决方案正常工作,您需要在Global.asax中连接Session_Start事件。如果您不这样做,Session.IsNewSession将始终为true(这是ASP.NET运行时的工作方式)。有时也需要在会话中存储某些内容(
)