First, describe the situation:The company implements a monitoring system. The B/S structure is mainly used inside the LAN! It may take a long time for the monitoring system to start up. The Administrator's ID and permissions are written in the session. The reason I Don't Need cookies may be that cookies are not very secure, or in the LAN, only a few machines access the server, and there are few sessions, so even if the session is always maintained, it will not occupy too much resources, at least the server can afford it. Session persistence method:Some people say that session. Timeout =-1, or a number smaller than 0. This method is definitely not feasible. The session computing time is measured in minutes and must be an integer greater than or equal to 1. Some people say that session. Timeout is set to 99999. This is also not possible, and the session has the maximum time limit. After testing, I found that the maximum value is 24 hours. That is to say, you can set the maximum value of session. Timeout = 1440,1441. My testing environment: win2003 + iis6.0 + asp3.0. Therefore, it is impossible to set the expiration time of session. timeout to never expire the session. Writing cookies is a good method. There are also many such tutorials on the Internet. I will not talk about them here! In addition, it is used to set the hidden IFRAME in the page to keep the session (this time is less than the time of session. Timeout) to refresh the blank page in the new frame! The implementation method is as follows: Add:
<IFRAME width = 0 Height = 0 src = "sessionkeeper. asp"> </Iframe> |
Create the sessionkeeper. asp file in the same directory.
<HTML> <Head> <Meta http-equiv = "refresh" content = "900000; url = sessionkeeper. asp"> <! -- Refresh yourself every 900 seconds. In order to communicate with the server, the session will not be lost. --> </Head> </Html> |
This method is still quite straightforward. There is also a similar method as above, but it is not a method that uses Meta to automatically commit new nested IFRAME. He uses JavaScript: window. setTimeout ("functionname ()", 10000); the method for automatically calling a function at the interval of time. Of course, the function still needs to connect to an empty file. The specific method is as follows: Add:
<SCRIPT id = back Language = JavaScript> </SCRIPT> <Script language = JavaScript> Function keepsession (){ Document. All ["back"]. src = "sessionkeeper. asp? Randstr = "+ math. Random (); // Here randstr = math. Random is used only to make the values of back. SRC different each time to prevent invalid refresh of the same address. Window. setTimeout ("keepsession ()", 900000); // call itself every 900 seconds } Keepsession (); </SCRIPT> |
In this way, you can create a sessionkeeper. asp file with empty content in the same directory! The problem persists:Through the above method, session persistence should be okay. By default, no request is sent to IIS to clear the session value for 20 minutes. The time of each interaction service I set is much smaller than this value, but I spent more than a day, and the session was lost for no reason! Depressed. Later, I finally found the answer on the Internet: in order to protect the server, IIS had a concept of "Recycling! After testing for half a day, I finally got a general understanding (don't laugh at me ^-^ ). First, let's see where this "recycle" is set. Start IIS Manager-> ApplicationProgramPool-> right-click-> properties-> recycle tab. One of the items takes effect by default, that is, the first item: "recycle Worker Process (minutes)". The default value is 1740 minutes, about 29 hours. What does he mean? I personally understand: After session. Timeout, all the remaining sessions will be automatically cleared in 1740 minutes. This value can be set to 4000000 at most, which is more than 2700 days! I canceled it directly. I don't need it to be recycled automatically! The problem is finally solved. In addition, there are several other items in this attribute dialog box: the second item should be that the number of connected users has exceeded a certain amount of recycling. The third item is automatic recovery at a certain time. On the "performance" tab, "Disable working processes after idle for this period". This is where the default session. Timeout time of IIS is set. The default value is 20 minutes. The maximum value can be set to 4000000, which is different from the maximum value of session. Timeout on the ASP page. Here, I want to set whether a value greater than 1440 works. I didn't test it. I think it should work. So why is the maximum value of session. Timeout on the ASP page only 1440 that can be set in the IIS attribute? It should belong to a protection mechanism: ASP page session. the timeout value can be set by any user, but only the administrator can set it in IIS. the permissions of the two are different, so the Set range is different. correct the above errors! Hope there are no mistaken ones. |