asp.net|session| Program | browser
In writing a customer's B/s structure application, suddenly found a trick, do not know whether the MS is a bug, to the relevant research friends
Originally considering writing a class to check the session, session expiration, you must turn to the landing page, you can call the Class page, in a different Web path, so go to the landing page URL are different, each page to call and set the landing page path, so the actual application to give up the idea
Later consider to write a check session failure of the page, by the client every second refresh, you can call in a page, but through the frame embedded in the ASPX when the old request issued, not too good-looking, although the page is hidden.
Then, think about it, with a page, using no refresh technology, to request the expiration session of the page on it, no refresh technology here using the XMLHTTP object, no use of WebService technology.
(due to the customer's BS system, using frame framework, the top-level page is to display the software name, user login information, so the call is placed on the page)
Let's take a look at the code, primarily the client's JavaScript scripting program
<script language= "JavaScript" >
var idx=0;
function Chksession ()
{
var Http = new ActiveXObject ("Microsoft.XMLHTTP");
Http.open ("Get", "chksessionout.aspx", false); Check for pages that fail session
Http.send ();
var str = http.responsetext;//return result after performing ASPX
idx++
document.all ("ConvertResult"). InnerHTML = Str+idx;
if (str== "Notnull")
{
alert (str);
}
Else
{
Alert ("Session value tracking time timed out, please login again ...");//This code has not been running, look down, you will know
Location.href = "longin.aspx";
}
Window.settimeout (' chksession () ', 1000);//Every second, request a chksessionout.aspx
}
</script>
This code, I put in between <HEAD></HEAD> tags, and then when the body loaded, call the function, as follows:
<body >
ChkSessionOut.aspx.cs's code is as follows
The HTML tags in the chksessionout.aspx file are all deleted by me, so execute the following code, and only the output of the result
private void Page_Load (object sender, System.EventArgs e)
{
if (session["sUserID"]==null)
{
Response.Write ("IsNull");
Return
}
Else
{
Response.Write ("Notnull");
Return
}
}
In order to test the above program, I will change the content of the Web.config, the Session Settings section, change to a minute after the expiration
Web. Config file, set a minute after the expiration session place, as follows:
<sessionstate mode= "InProc" stateconnectionstring= tcpip=127.0.0.1:42424 "sqlconnectionstring=" Data source= 127.0.0.1; Trusted_connection=yes "cookieless=" false "timeout=" 1 "/>
Then I run the code, I specifically on the original IE, using the menu to open a new IE window, to ensure that they are checking the same session, in the address of the input chksessionout.aspx
, after the program is run, found the secret, a minute later, I point to refresh chksessionout.aspx page, incredibly output notnull, I think, right, I am every second to this page to send a request, so there is no reason for failure, then I will have no refresh technology of the page closed, after a minute, The output IsNull is found and the session is invalid.
The discovery is good, I was startled! Think of vs.net Good, it is a good tool, haha!
My environment iis5.0,win2000,vs.net2003.
And then I have to set the 30 second automatic request, no refresh technology of the main page is not closed, session does not expire, a close or 1 minutes after the failure, taking into account the 1 minutes/30 seconds is an integer, set to 50 seconds, no refresh technology of the main page does not close, it over 1 minutes, the failure of! Haha, fully understood! 1 minutes/ 50 seconds is not an integer, so the expiration, ah, is not a bug, we give evaluation evaluation!