遇到一个问题:Web.Config中设置的Sestion timeout不起作用,设置的timeout时间到期后,Global.asax中的Session_End能够被调用,但在此事件处理函数中,Context总是为null,这样就没有办法利用Context退出登录。
原因如下:
[quote]
The Session_End event fires when the browser isn't connected to the server -- so there really isn't anyway to clear out the authentication ticket (since that is stored on the client).
What I'd recommend doing instead is changing the timeout duration of the forms-authentication ticket to be 15 minutes. That way you can avoid having to add a session_end event at all -- and just rely on the browser cookie timing out to force another login.
Q: Do I have a valid HttpContext in Session_End?
A: No, because this event is not associated with any request.
[/quote]
推荐用forms-authentication timeout,在Web.Config中配置如下:
原因如下:
[quote]
The Session_End event fires when the browser isn't connected to the server -- so there really isn't anyway to clear out the authentication ticket (since that is stored on the client).
What I'd recommend doing instead is changing the timeout duration of the forms-authentication ticket to be 15 minutes. That way you can avoid having to add a session_end event at all -- and just rely on the browser cookie timing out to force another login.
Q: Do I have a valid HttpContext in Session_End?
A: No, because this event is not associated with any request.
[/quote]
推荐用forms-authentication timeout,在Web.Config中配置如下:
<system.web>
<authentication mode="Forms">
<forms timeout="50000000"/>
</authentication>
</system.web>