ASP.NET mixed Windows/Forms authentication problem with session objects

Time: 2022-02-02 16:54:20

Weird problem here, we're running a few mixed environment web applications, that use Windows or Forms authentication depending on where the user comes from.

I'm curious how everyone else might be handling expired sessions to avoid the errors you would get from someone leaving an idle session open for too long and then trying to resume work, mainly looking for best practices on the subject.

Any suggestions or opinions would be greatly appreciated.

Thanks,

2 solutions

#1


I'm not sure how your authentication method affects session timeouts; the mechanism they use to get in shouldn't affect how long they can stay in.

Generally speaking, if someone does have an expired session, you can add code to check to see if their session is active. If it isn't, just redirect them to a login page, or display some other friendly text.

Basically something like:

if (Session.IsNewSession) 
   Response.Redirect("login.aspx");

#2


  • Don't store unnecessary information on the session.

  • If you are storing something you can reload, have the appropriate code that will reload it if it wasn't found in the session.

  • Consider if some processes are meant to be handled in long periods of time, in which case save intermediate info to the database.

  • If the user is doing a process that uses the session, and the data is missing, take them to step 1 (not much you can do about it, if you don't have the info elsewhere).
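An added example combining both answers (not code from either poster): it tells an expired session apart from a first visit, reloads data that can be rebuilt, and sends the user back to step 1 when it cannot. It assumes cookie-based sessions with the default `ASP.NET_SessionId` cookie name; the page `step1.aspx`, the session keys and `LoadDisplayName` are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.SessionState;

public static class SessionGuard
{
    // True when the browser sent a session cookie but the server had to start a
    // new session anyway: the old session expired (this is not a first visit).
    public static bool HasTimedOut(HttpContext ctx)
    {
        if (ctx.Session == null || !ctx.Session.IsNewSession) return false;
        string cookies = ctx.Request.Headers["Cookie"];
        return cookies != null &&
               cookies.IndexOf("ASP.NET_SessionId", StringComparison.Ordinal) >= 0;
    }

    // Returns the value cached in the session, rebuilding it if it is missing.
    public static T GetOrReload<T>(HttpSessionState session, string key, Func<T> reload)
        where T : class
    {
        T value = session[key] as T;
        if (value == null)
        {
            value = reload();
            session[key] = value;
        }
        return value;
    }
}

// Hypothetical wizard page, step 2 of a multi-step process.
public class WizardStep2 : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (SessionGuard.HasTimedOut(Context))
            Response.Redirect("login.aspx");

        // Reloadable data: keyed on the authenticated user name, which is set
        // under both Windows and Forms authentication.
        string displayName = SessionGuard.GetOrReload(
            Session, "displayName", () => LoadDisplayName(User.Identity.Name));

        // Data that cannot be rebuilt: send the user back to step 1.
        if (Session["wizardDraft"] == null)
            Response.Redirect("step1.aspx");
    }

    // Placeholder lookup (constructed); a real page would query its user store.
    private static string LoadDisplayName(string userName) { return userName; }
}
```

Do not run `HasTimedOut` on `login.aspx` itself, and have the login page write something into the session. Until a value is stored, ASP.NET reports every request as a new session, so the check would redirect in a loop.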
