C# 如何在 web.config 中设置会话超时
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1205828/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to set session timeout in web.config
提问by George2
I have tried very hard but cannot find a solution on how to set session timeout value for in-process session for an ASP.Net web application.
我已经非常努力地尝试,但找不到有关如何为 ASP.Net Web 应用程序的进程内会话设置会话超时值的解决方案。
I am using VSTS 2008 + .Net 3.5 + C#. Here is what I wrote by myself to set timeout to be 1 minute, is it correct?
我使用的是 VSTS 2008 + .Net 3.5 + C#。这是我自己写的设置超时为1分钟的内容,对吗?
I wrote under system.web section in the web.config
我在 system.web 部分下写的 web.config
<sessionState timeout="1" mode="InProc" />
采纳答案by Wolfwyrd
If you want to set the timeout to 20 minutes, use something like this:
如果要将超时设置为 20 分钟,请使用以下内容:
<configuration>
<system.web>
<sessionState timeout="20"></sessionState>
</system.web>
</configuration>
回答by Kirtan
The value you are setting in the timeout
attribute is the one of the correct ways to set the session timeout value.
您在timeout
属性中设置的值是设置会话超时值的正确方法之一。
The timeout
attribute specifies the number of minutes a session can be idle before it is abandoned. The default value for this attribute is 20.
该timeout
属性指定会话在放弃之前可以空闲的分钟数。此属性的默认值为 20。
By assigning a value of 1 to this attribute, you've set the session to be abandoned in 1 minute after its idle.
通过将值 1 分配给该属性,您已将会话设置为在其空闲后 1 分钟内放弃。
To test this, create a simple aspx page, and write this code in the Page_Load event,
为了测试这一点,创建一个简单的 aspx 页面,并在 Page_Load 事件中编写此代码,
Response.Write(Session.SessionID);
Open a browser and go to this page. A session id will be printed. Wait for a minute to pass, then hit refresh. The session id will change.
打开浏览器并转到此页面。将打印会话 ID。等待一分钟过去,然后点击刷新。会话 ID 会改变。
Now, if my guess is correct, you want to make your users log out as soon as the session times out. For doing this, you can rig up a login page which will verify the user credentials, and create a session variable like this -
现在,如果我的猜测是正确的,您想让您的用户在会话超时后立即注销。为此,您可以设置一个登录页面来验证用户凭据,并创建一个像这样的会话变量 -
Session["UserId"] = 1;
Now, you will have to perform a check on every page for this variable like this -
现在,您必须像这样在每个页面上对该变量执行检查 -
if(Session["UserId"] == null)
Response.Redirect("login.aspx");
This is a bare-bones example of how this will work.
这是一个简单的例子,说明这将如何工作。
But, for making your production quality secure apps, use Roles & Membershipclasses provided by ASP.NET. They provide Forms-based authentication which is much more reliabletha the normal Session-based authentication you are trying to use.
但是,为了使您的生产质量安全的应用程序,请使用ASP.NET 提供的角色和成员资格类。它们提供基于表单的身份验证,这比您尝试使用的基于会话的普通身份验证要可靠得多。
回答by Balaji Birajdar
Use this in web.config
:
在web.config
:
<sessionState
timeout="20"
/>
回答by asif jan
If it's not working from web.config
, you need to set it from IIS.
如果它不能从 工作web.config
,您需要从 IIS 设置它。
回答by Keith Aymar
If you are using MVC, you put this in the web.config file in the Root directory of the web application, not the web.config in the Views directory. It also needs to be IN the system.web node, not under like George2 stated in his question: "I wrote under system.web section in the web.config"
如果您使用 MVC,请将其放在 Web 应用程序根目录中的 web.config 文件中,而不是 Views 目录中的 web.config。它也需要在 system.web 节点中,而不是像 George2 在他的问题中所说的那样:“我在 web.config 的 system.web 部分下写的”
The timeout parameter value represents minutes.
timeout 参数值代表分钟。
There are other attributes that can be set in the sessionState element. You can find information here: docs.microsoft.com sessionState
可以在 sessionState 元素中设置其他属性。您可以在此处找到信息:docs.microsoft.com sessionState
<configuration>
<system.web>
<sessionState timeout="20"></sessionState>
</system.web>
</configuration>
You can then catch the begining of a new session in the Global.asax file by adding the following method:
然后,您可以通过添加以下方法在 Global.asax 文件中捕捉新会话的开始:
void Session_Start(object sender, EventArgs e)
{
if (Session.IsNewSession)
{
//do things that need to happen
//when a new session starts.
}
}