[英]How can I redirect a user back to signout page when timed out? Asp.net MVC
I have site that users lots of ajax(jquery). 我有一个站点,用户使用很多ajax(jquery)。 Now if the user times out for whatever reason(walked about for 30mins or something).
现在,如果用户因任何原因超时(走了30分钟左右)。 On there next action I want them to be returned to the login page.
接下来,我希望将它们返回到登录页面。
I setup everything in the webconfig(returnUrl and timeout) and if they try to go to a page they have no premission to go to they get sent to the login page. 我在webconfig中设置了所有内容(returnUrl和超时),如果他们尝试转到某个页面,则没有权限去将它们发送到登录页面。
However I have the authorize tags on the methods in my controllers that are used for ajax requests. 但是我在用于ajax请求的控制器中的方法上具有authorize标签。 So if a user timesout they are no longer authenticated but they might be on that needed authentication since they logged in and walked away.
因此,如果用户超时,则不再对他们进行身份验证,但是由于他们登录并离开后,他们可能正在进行所需的身份验证。
Now they could go and try to save something at this point that would do an ajax request. 现在他们可以去尝试保存可以执行ajax请求的内容。 The authorize tag will stop them from doing this since they will fail authorization and the return url will kick in.
authorize标记将阻止他们执行此操作,因为它们将使授权失败并返回URL。
However eventhough the return url seems to be sent back to them they are not redirected to the signin page. 但是,即使返回URL似乎已发送回给他们,它们也不会重定向到登录页面。 So I am guessing since all this stuff is ajax thats why it is not working properly.
所以我猜因为所有这些东西都是ajax,这就是为什么它无法正常工作的原因。 So is there away I can fix this?
那我能解决这个问题吗?
Run a client-side function every 30 seconds using setTimeout, which should ask the server via AJAX if the session has been timed out. 使用setTimeout每30秒运行一次客户端功能,该功能应通过AJAX向服务器询问会话是否已超时。 If it has, the client-side code could toss out any login cookie and redirect to the login page.
如果有的话,客户端代码可以扔掉任何登录cookie并重定向到登录页面。
You can either code hard-code the login url into the client-side code, or have the server handler return the value from the web.config if it needs to timeout. 您可以将登录URL硬编码为客户端代码,或者让服务器处理程序在需要超时的情况下从web.config返回该值。
This still leaves the possibility that the user could try something in the 0-30 seconds between when the user actually times out and the client side code does its request to check. 这仍然使用户有可能在用户实际超时和客户端代码执行其检查请求之间的0-30秒内尝试尝试某些操作。 To prevent this as well, have the server send back the amount of time left in the session, that way your client-side code can make the decision to either check back again sooner, or do the client-side redirect before the server-side drop-dead time.
为了防止这种情况,请让服务器发回会话中剩余的时间,这样,您的客户端代码就可以做出决定,以便更早再次检查,或者在服务器端之前进行客户端重定向停滞时间。
您需要检查Ajax错误以获取403响应
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.