Shulou(Shulou.com)06/03 Report--

This article mainly introduces. Net mvc session failure how to do, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

Recently, we have solved the problem of session failure based on. Net mvc project. Let's talk about this.

1. Analysis of problems

In .net mvc, there are several scenarios to consider when Session fails:

Action based on permission authentication, using non-Ajax requests

Action based on permission authentication, using JQueryt Ajax to request

Action based on permission authentication, using Ajax requests encapsulated by. Net mvc

Action without permission authentication, using non-Aajx requests

Action without permission authentication, using native JQuery Ajax request

Action without permission authentication, using Ajax requests encapsulated by. Net mvc

After the Action,session based on permission authentication expires, the AuthorizeAttribute can be intercepted and processed in the HandleUnauthorizedRequest method; the Action without permission authentication needs to be judged and processed in the custom filter according to the difference between the new Session and the requested Session.

two。 Non-Ajax request based on privilege authentication

Authorize filter takes precedence over other functional filters, so here you inherit AuthorizeAttribue and process session requests in HandleUnauthorizedRequest.

Public class AuthorizeOfHandleUnAuthorizeAttribute:AuthorizeAttribute {protected override void HandleUnauthorizedRequest (AuthorizationContext filterContext) {/ / session invalidation redirect to login page filterContext.Result = new RedirectToRouteResult (new RouteValueDictionary (new {Controller = "Login", Action = "Login"}));}}

3. Ajax request based on privilege Authentication

The Action requested by Ajax has two return results in the system: JsonResult and PartialViewResult.

In theory, JsonResult can add the session expiration attribute to the returned result and the client can judge it. But given that the project has been completed, it is cumbersome to add judgment logic to all ajax requests.

The server code handles the ajax request:

Protected override void HandleUnauthorizedRequest (AuthorizationContext filterContext) {/ / ajax request session overtime processing if (filterContext.HttpContext.Request.IsAjaxRequest ()) {filterContext.HttpContext.Response.AppendHeader ("sessionstatus", "timeout"); filterContext.HttpContext.Response.End (); return;} filterContext.Result = new RedirectToRouteResult (new {Controller = "Login", Action = "Login"});}

Client code (this is not applicable for Action that returns PartialViewResult):

OnSuccess: function (xhr, status) {/ / get response header, sessionstatus,var sessionstatus = xhr.getResponseHeader ("sessionstatus"); if (sessionstatus = = "timeout") {_ window.location = "/ Login/Login";}}

The existence of the PartialViewResult situation directly negates the above assumption. Most Ajax requests in the project are based on. Net mvc encapsulation, directly updating the specified div.

In order not to make a lot of changes, but to handle two kinds of ajax requests that return results uniformly, another method has been found.

JQuery.ajaxSetup ()

This function is used to change the default setting options for AJAX requests in jQuery. All subsequent AJAX requests, if the corresponding option parameters are not set, will use the changed default settings.

So our client code can be handled uniformly as follows:

/ / resolve ajax request session timeout problem $.ajaxSetup ({complete: function (xmlHttpRequest, textStatus) {var sessionStatus = xmlHttpRequest.getResponseHeader ("sessionstatus"); if (sessionStatus = "timeout") {_ window.location = "/ Login/Login";})

I thought everything would be all right here, but I accidentally found another problem. The ajax request call encapsulated by. Net mvc jquery.unobtrusive-ajax did not achieve the effect of intercepting processing. After repeated debugging, I finally noticed the above paragraph.

JQuery.ajaxSetup () this function is used to change the default setting options for AJAX requests in jQuery. All subsequent AJAX requests, if the corresponding option parameters are not set, will use the changed default settings.

What is said here is quite clear, it must be the trick when jquery.unobtrusive-ajax is encapsulated. If you open the source code, you can see that it is so:

Extend (options, {type: element.getAttribute ("data-ajax-method") | | undefined,url: element.getAttribute ("data-ajax-url") | | undefined,cache:!! element.getAttribute ("data-ajax-cache"), beforeSend: function (xhr) {var result;asyncOnBeforeSend (xhr, method); result = getFunction (element.getAttribute ("data-ajax-begin"), ["xhr"]) .apply (element, arguments); if (result! = = false) {loading.show (duration);} return result }, complete: function (xhr,status) {loading.hide (duration); getFunction (element.getAttribute ("data-ajax-complete"), ["xhr", "status"]) .apply (element, arguments);}, success: function (data, status, xhr) {asyncOnSuccess (element, data, xhr.getResponseHeader ("Content-Type") | | "text/html"); getFunction (element.getAttribute ("data-ajax-success"), [data "," status "," xhr "]) .apply (element, arguments) }, error: function () {getFunction (element.getAttribute ("data-ajax-failure"), ["xhr", "status", "error"]) .apply (element, arguments);}})

We see that jquery.unobtrusive-ajax registers the compelete event for the ajax request, so the default handler we wrote is overwritten. I really couldn't think of any good idea, so I had to change the source code of jquery.unobtrusive-ajax:

Complete: function (xhr,status) {loading.hide (duration); / / parsing the ajax request session timeout problem var sessionStatus = xhr.getResponseHeader ("sessionstatus"); if (sessionStatus = "timeout") {_ window.location = "/ Login/Login";} getFunction (element.getAttribute ("data-ajax-complete"), ["xhr", "status"]) .apply (element, arguments);}

So far, the problem of session invalidation of ajax requests based on authentication has been basically solved, with two defects:

I always feel awkward when I modify the source code of jquery.unobtrusive-ajax

Any ajax request that registers a compelete event needs to handle the session problem itself.

4. Action with no permission to limit tasks

The Session invalidation of Action without permission authentication is handled as follows:

If (filterContext.HttpContext.Session! = null) {if (filterContext.HttpContext.Session.IsNewSession) {var sessionCookie = filterContext.HttpContext.Request.Headers ["Cookie"]; if (sessionCookie! = null&&sessionCookie.IndexOf ("ASP_NET_SessionId", StringComparison.OrdinalIgnoreCase) > = 0) {filterContext.Result = new RedirectToRouteResult (new {Controller = "Login", Action = "Login"}));}

The Ajax of Action without permission authentication can be handled by imitating the above processing method with authority authentication, and the code will no longer be glued here. Personally, most Action requests without permission authentication do not have to consider session invalidation, because most of these Action do not obtain information from session, but only query public information.

5. Remaining problems

So far, the problem has been basically solved, but an inexplicable problem has been encountered in the process, so let's write it down for the time being:

I originally simulated the failure of session by setting the session expiration time very small in the configuration file, but found that the existing framework of the project always inexplicably changed the session expiration time to 60 minutes when the first business request after login, but did not find out why. Later, it can only be simulated by opening two tab pages in the same browser, logging in to the system and launching in one tab page.

Thank you for reading this article carefully. I hope the article "what about the failure of .net mvc session" shared by the editor will be helpful to you. At the same time, I also hope that you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.