堆栈内存溢出
  简体   繁体   English

防止并发用户会话ASP.NET Core

[英]Prevent concurrent user sessions ASP.NET Core

 原文  2016-09-21 20:47:26       c#/ asp.net/ cookies/ asp.net-core

问题描述

I am trying to prevent multiple concurrent sessions for a user using ASP.NET Core and CookieAuthentication middleware. 我试图为使用ASP.NET Core和CookieAuthentication中间件的用户阻止多个并发会话。

Any tips on how to do this? 有关如何执行此操作的任何提示?

Ideally, once a user signs in, the app would invalidate and effectively "sign out" all other existing cookies issued for that user. 理想情况下,一旦用户登录,应用程序将使该用户无效并有效地“注销”为该用户发布的所有其他现有cookie。 Then, the old sessions would be redirected to the sign in page on the next interaction with the server. 然后,在与服务器的下一次交互中,旧会话将被重定向到登录页面。 So far, I have not found a way to do this. 到目前为止,我还没有找到一种方法来做到这一点。

I have been trying to figure out a way to use a custom validator as described in the documentation . 我一直在尝试找出一种使用自定义验证器的方法,如文档中所述。

Thanks! 谢谢!

1 个解决方案

解决方案1
 0 已采纳  2016-09-21 22:34:00

This is how I've handled it (using ASP.NET Core, but that is irrelevant): To do this you need to maintain state somewhere that is accessible to your server(s). 这是我处理它的方式(使用ASP.NET Core,但这无关紧要):为此,您需要将状态保持在服务器可访问的某个位置。 You can store a session ID in a database when the user logs in. Each web app client should hit a heartbeat url (eg, every few minutes). 当用户登录时,您可以将会话ID存储在数据库中。每个Web应用程序客户端应按一个心跳url(例如,每隔几分钟)。 The back end for the heartbeat checks the session id in the database. 心跳的后端检查数据库中的会话ID。 If it is the active one for the user, then all is good; 如果对用户来说是活动的,那么一切都很好; otherwise it clears the cookie. 否则清除cookie。 If you are using a persistent connection to the client (websocket) then you can push a message to the client to indicate the session is no longer valid. 如果您使用到客户端的永久连接(Websocket),则可以向客户端推送消息以指示会话不再有效。

If you need to be sure that no other action by the user's other session can take place once a new session has started, then you'll need to check the session (as described above) on every call. 如果您需要确保在新会话开始后用户的其他会话无法执行其他任何操作,那么您将需要在每次通话时检查该会话(如上所述)。 ASP.NET Core's middleware capability is perfect for this. ASP.NET Core的中间件功能非常适合此功能。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 默认情况下,asp.net中的最大并发会话数 - Maximum concurrent sessions by default in asp.net asp.net 核心身份跟踪用户打开会话 - asp.net core identity tracking user open sessions 在 ASP.NET Core MVC 中验证会话 - Validate sessions in ASP.NET Core MVC 是否可以在ASP.NET Core中续订会话? - Is it possible to renew sessions in ASP.NET Core? 如何使用asp.net防止不同会话上的数据过载 - how to prevent data overloading at different sessions using asp.net 在ASP.NET Core中启用来自同一会话的并发请求 - Enabling concurrent requests from same session in ASP.NET Core asp.net 核心 Web API:使用 Roles 和 RequiredScope 并发 - asp.net core Web API: use Roles and RequiredScope concurrent ASP.NET Core 中的持久内存并发字典 - Persistent in-memory concurrent dictionary in ASP.NET Core Asp.net MVC多个用户会话/用户模拟 - Asp.net MVC Multiple User Sessions / User Impersonation 如何防止最终用户更改 asp.net 内核中 html 标签的值? - how do I prevent end-user to change values from html tags in asp.net core?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM