Global.asax.cs中的Session_End不触发
[英]Session_End in Global.asax.cs not firing
问题描述
I have an Asp.net web application where I am using FormsAuthentication for User login. 
我有一个Asp.net Web应用程序,其中使用FormsAuthentication进行用户登录。
I want to prevent multiple logins to the same user at the same time. 我想防止同一时间多次登录同一用户。 For this I have set the FormsAuthentication timeout to 15 minutes and Session.timeout to 15 minutes. 为此,我将FormsAuthentication超时设置为15分钟,将Session.timeout设置为15分钟。
When the user closes the browser without logging out, or if the user is inactive for 15 minutes, it is not firing the Session_End() event in global.asax.cs file. 当用户关闭浏览器而不注销时,或者如果用户不活动15分钟,它将不会在global.asax.cs文件中触发Session_End()事件。 I want to update the database field in the Session_End() event. 我想更新Session_End()事件中的数据库字段。
Code for Login: 登录代码:
if (Membership.ValidateUser(username, password))
{
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(15),
false,
FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1"));
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
context.Response.Cookies.Add(authCookie);
context.Response.Redirect("/HomePage", false);
}
Global.asax.cs: 的Global.asax.cs:
protected void Session_Start(Object sender, EventArgs e)
{
Session["init"] = 0;
Session.Timeout = 15;
}
protected void Session_End(Object sender, EventArgs e)
{
PersonObject person = new PersonObject();
// calling the function to update entry in database
person.ResetUserLoginStatus(HttpContext.Current.User.Identity.Name);
}
Function to update entry in database: 更新数据库中条目的功能:
public bool ResetUserLoginStatus( string username="")
{
string sql = "UPDATE Person SET IsLogged=0 WHERE Person = @Person";
PersonObject person = new PersonObject();
object id = person.ExecuteScalar(sql, new Dictionary<string, object>() {
{ "Person", (!string.IsNullOrEmpty(username)?username:User.Name )}
}, "Person");
return true;
}
Web.config: Web.config文件:
<authentication mode="Forms">
<forms loginUrl="/Security/Login.ashx/Home" name="SecurityCookie" timeout="15" slidingExpiration="true">
</forms>
</authentication>
<sessionState timeout="15" mode="InProc"></sessionState>
The problem is that when the browser is closed the ResetUserLoginStatus() method isn't called and I am unable to reset my value to 0. Since the field has not been reset to 0, that user won't be able to log in again. 问题在于,当浏览器关闭时,不会调用ResetUserLoginStatus()方法,并且我无法将我的值重置为0。由于该字段尚未重置为0,因此该用户将无法再次登录。
Please suggest. 请提出建议。
1 个解决方案
解决方案1
1 2019-03-02 00:46:15
Session_End is actually not that useful or reliable. Session_End实际上不是那么有用或可靠。 For one thing, it only fires at the end of the pipeline processing when an HTTP request has been received and a response has been rendered. 一方面,它仅在接收到HTTP请求并已呈现响应时才在管道处理结束时触发。 That means it does NOT fire for a user who has simply closed their browser. 这意味着它对于仅关闭浏览器的用户不起作用。 Also, the event will never fire except for certain types of session state-- it won't work with State Server, for example, or SQL-based session state. 此外,除了某些类型的会话状态外,该事件永远不会触发-例如,它不适用于State Server或基于SQL的会话状态。 The bottom line is you can't rely on it to maintain an unambiguous "Is logged in" flag. 底线是您不能依靠它来维护明确的“已登录”标志。
Instead, I would store a "last page request received" time stamp. 相反,我将存储“收到的最后一页请求”时间戳。 You can then infer the value of a "is logged in" flag; 然后,您可以推断出“已登录”标志的值; any user who has submitted a request in the past 15 minutes is still logged in. 在过去15分钟内提交请求的任何用户仍将登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.