Disable the ASP. net bug in the browser sessionfor one minute?

As we all know, MS is fond of making some bugs out of its own. Is this to make programmers have fun in their boring programming work? Joke. However, when I was writing a customer's B/S structure application, I suddenly found a trick. I didn't know whether it was a BUG in ASP. NET, and I gave it to my friends who have studied it.

Originally, we considered writing a Session check class. After the Session fails, we must switch to the login page. Each page that calls this class can be stored in different WEB paths, therefore, the URLs for transferring to the login page are different. Each page must call and set the login page path. Therefore, the actual application gave up this idea.

Later, we thought it would be better to write a page to check that the Session is invalid. The client refresh the page every second and you can call it on a page. However, when we embed the ASPX through FRAME, requests are sent from time to time, not very nice, although the page is hidden.

Later, let's think about it. We just need to use a page, and use the refreshing technology to request the page with the expired Session. The refreshing technology here uses the xmlhttp object instead of the WEBService technology.

(Because the customer's BS system uses the FRAME framework, the top page displays the software name and user login information, so the call is placed on this page)

Let's take a look at the code, mainly the client's JavaScript script program:

This CODE is stored inAnd then call this function when loading the BODY, as shown below:

 
 

  
  
  "ChkSession();" >  
 
 

The ChkSessionOut. aspx. cs code is as follows:

The HTML tags in the ChkSessionOut. aspx file are all deleted by me. In this way, the following code is executed and only the result is output.

 
 

  
  
private void Page_Load(object sender, System.EventArgs e)  
  
  
  {  
  
  
   if(Session["sUserID"]==null)  
  
  
   {  
  
  
    Response.Write("isnull");  
  
  
    return;  
  
  
   }  
  
  
   else 
  
  
   {  
  
  
    Response.Write("notnull");  
  
  
    return;  
  
  
   }    
  
  
  } 
 
 

To test the above program, I changed the content of WEB. Config, changed the SESSION setting segment to a part of the WEB. Config file that expires one minute later, and set the location where the SESSION expires one minute later, as shown below:

 
 

  
  
  "InProc"  stateConnectionString= "tcpip=127.0.0.1:42424"  sqlConnectionString= "data source=127.0.0.1;Trusted_Connection=yes"  cookieless= "false"  timeout= "1" />  
 
 

Then I run the code. I used the original IE to open a new IE window using the menu. To ensure that they are checking the same SESSION, enter ChkSessionOut in the address. aspx, after the program runs, the secret is found. One minute later, I will refresh ChkSessionOut. the aspx page actually outputs notnull. I think, by the way, I am sending requests to this page every second, so there is no reason for the failure. Then I will close the page with no refreshing new technologies, one minute later, the output isnull indicates that the Session is invalid,
I was taken aback by this discovery! Think of VS. NET. It is a good tool, haha!

My environment IIS5.0, Win2000, VS. Net2003

Then, I set 30 seconds for automatic requests. the homepage of the brushless newest is disabled and the SESSION does not expire. If the SESSION is disabled or one Shard, it will expire. The value 1 minute/30 seconds is an integer, it is set to 50 seconds, and the homepage of the brushless newest is off. It has passed 1 sub-category and becomes invalid! Haha, I fully understand! 1 minute/50 seconds is not an integer, so it becomes invalid. Ah, is it a BUG? Please rate it!

1. Analysis on the establishment of ASP. NET development environment
2. Topic: ASP. NET development tutorial
3. Some Suggestions on Web standards in ASP. NET development