问题描述
我要自动重定向到当用户的会话已过期的登录页面。
I want to automatically redirect to the login page when the users session has expired.
我一直用以下code。在坐的每一页在我的应用程序顶部的包含文件:
I have been using the following code in an include file that sits at the top of every page in my application:
Session.Timeout = 60
Response.AddHeader "Refresh", CStr(CInt(Session.Timeout + 1) * 60)
Response.AddHeader "cache-control", "private"
Response.AddHeader "Pragma","No-Cache"
Response.Buffer = True
Response.Expires = 0
Response.ExpiresAbsolute = 0
If Session("accountID") = "" Then
Response.Redirect("http://www.mydomain.com/")
End If
这工作,但有很轻微的错误。飘飞的页面将刷新即使会话仍然活着,它似乎60分钟才刷新到了!
This works but there is very slight bug. Every now and then the page will refresh even though the session is still alive and it seems that it refreshes before the 60 minutes is up!
任何人都可以看到的问题是什么,或者你可以提出一个不同的方法?
Can anybody see what the problem is or can you suggest a different method?
推荐答案
看到好像你必须做这个客户端我会赞成的JavaScript / jQuery和AJAX了该方法。下面是如何做到这一点的例子。
Seeing as though you have to do this client side I'd favour JavaScript/jQuery and AJAX over that method. Here's an example of how to do it.
实际上你只是建立一个AJAX调用轮询脚本返回(JSON格式),用户是否登录与否;如果他们不那么你可以将它们转移到另一页。
Essentially you just set-up an AJAX call to poll a script which returns (in JSON format) whether the user is logged in or not; if they're not then you can transfer them to another page.
这种方法的好处是,你可以查询,只要你想;例如每10秒,以查看用户是否登录的,而不是等待了整整一个小时。这也意味着,你不必说出你的code中的会话超时的身影,所以你可以留下来在IIS中确定。此外,如果用户在系统中注销其他地方,或者你的应用程序池回收和他们的会话被重置,这将很快检测到它。
The benefits to this method are that you can poll whenever you want; e.g. every 10 seconds to see whether the user is still logged in rather than having to wait a full hour. It also means that you don't need to state the session time-out figure in your code and so you can leave that to be determined in IIS. Also if the user logged off elsewhere in your system, or your application pool recycled and their session was reset this would detect it fairly quickly.
我从您的个人资料,你是狗仔队摄影师注意到。我会考虑这个DSLR方法和响应头的方法便宜的手机摄像头的方法:0
I notice from your profile that you're a Paparazzi photographer. I'd consider this the DSLR method and the response header method the cheap phone camera method :o.
要建立会话检查网页创建一个名为session.asp文件(在同一文件夹中的其他文件,使生活更简单)。在它把:
To build your session checker page create a file called session.asp (in the same folder as your other files to make life simpler). In it put:
<%
Response.ContentType = "application/json"
If Session("LoggedOn") Then
Response.Write "{""loggedOn"": true}"
Else
Response.Write "{""loggedOn"": false}"
End If
%>
如果用户登录返回{loggedOn:真正},如果他们不{loggedOn:虚假}。这就是我们将使用您的其他网页上查询,如果他们通过定期调用这个页面并读取响应登录。
If the user is logged in it returns {"loggedOn": true}, if they're not {"loggedOn": false}. This is what we'll use on your other page to poll if they're logged in by calling this page periodically and reading the response.
现在到您的网页原本有你Response.AddHeader code。请移除所有code,因为这个替换它。
Now onto your pages which originally had your Response.AddHeader code in. Remove all of your code as this replaces it.
首先确保你有你的网页的引用jQuery的:
First make sure you have a reference to jQuery on your pages:
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
和那么这行下把以下内容:
And then put under this line the following:
<script type="text/javascript">
$(document).ready(function() {
var checkLoggedOn = function() {
$.getJSON('session.asp', function(data) {
if (!data.loggedOn)
window.location.replace("http://stackoverflow.com");
});
};
// Call checkLoggedOn every x milliseconds
setInterval(checkLoggedOn, 30000);
});
</script>
一切顺利的话,它应该工作。我设置了上述轮询每30秒(30000),但你可以增加/减少这一切你想。
All being well, it should work. I set the above to poll every 30 seconds (30000) but you could increase/decrease this to whatever you wanted.
请注意,我借上述code的大部分地区从和。
Note I borrowed large parts of the code above from http://stackoverflow.com/a/4928564/171703 and http://stackoverflow.com/a/2709160/171703.
从下面的评论,如果你想在用户的超时数字后过期(他们是否保持他们的会话的存活与否)会话,那么你可以做到这一点。
From the comments below, if you want the user's session to expire after the timeout figure (whether they are keeping their session alive or not) then you could do this.
当用户登录,设置一个新的会话变量LoginExpiration:
When the user is logged in, set a new session variable for LoginExpiration:
Session("LoginExpiration") = DateAdd("n", Session.TimeOut, Now())
这需要当前的时间,并增加了它的会话超时人物 - 给你当他们的会话应该被销毁的时间
This takes the current time and adds to it the session timeout figure - giving you the time when their session should be destroyed.
如果您现在修改session.asp到所花费的LoginExpiration数字,并返回该用户不在的情况下,记录以下内容:
If you now modify your session.asp to the following it takes the LoginExpiration figure and returns that the user is not logged in the event of:
- 的用户会话超时(IIS应用程序池复位,或他们点击注销等)
- 的当前日期/时间比设定LoginExpiration时间 更大
这是:
<%
Response.ContentType = "application/json"
LoggedOn = "false"
LoginExpiration = Session("LoginExpiration")
DateNow = Now()
If IsDate(LoginExpiration) Then
If DateNow < LoginExpiration Then
LoggedOn = "true"
End If
End If
Response.Write "{"
Response.Write """loggedOn"": " & LoggedOn & ", "
Response.Write """loginExpiration"": """ & LoginExpiration & """"
Response.Write "}"
%>
我已经把loginExpiration数字改成JSON响应,所以你可以使用它的客户端,如果你想太多。
I've put the loginExpiration figure into the JSON response so you could work with it client side if you wanted too.
这篇关于会话重定向的经典ASP /结束的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!