問題描述
如何在 ASP.NET、VB.NET 中解決這個會話問題? (How to tackle this session problem in ASP.NET,VB.NET?)
在ASP.NET,VB.NET中如何解決這個會話問題?
有如下要求:
當授權用戶登錄系統時,該用戶不是允許從另一台計算機或該用戶當前使用權限以外的其他瀏覽器登錄。
我們應用的補救措施是:我們將“Is_Loggedin”保留為數據類型為“bit”的列一個 mst_vendor 作為表名。當用戶登錄時,我們將標誌 Is_Loggedin 設置為“1”,每次有人嘗試使用此帳戶登錄時,系統都會顯示錯誤“用戶已登錄”。
< p>當用戶註銷時,一旦用戶單擊註銷按鈕,註銷過程就會調用,它會變為“0”。問題場景:
當用戶關閉瀏覽器時flag保持不變,即“1”。
當電源關閉,它保持與“1”相同。
如果會話在預定義值後超時,則保持不變。
除此之外可能還有不同的場景。
有什麼方法可以讓我們使用應用程序對象存儲用戶登錄狀態的內部標記?
它可以提高系統的效率,也可以消除上面的問題場景。
除此之外可能還有不同的場景。有什麼方法可以讓我們使用應用程序對象存儲用戶登錄狀態的內部標記?
它可以提高系統的效率,也可以消除上述有問題的場景。
除此之外可能還有不同的場景。有什麼方法可以讓我們使用應用程序對象存儲用戶登錄狀態的內部標記?
它可以提高系統的效率,也可以消除上述有問題的場景。
參考解法
方法 1:
You should use the Global.asax file and use the Session_End function.
Session_End: Fired when a user's session times out, ends, or they leave the application Web site.
方法 2:
Store a datetime as another column next to the bit, and update it each and every time the user requests a page.
When a new user comes along with the same credentials and the bit is "1" you can check the datetime, and if it was a while ago you can be certain the user is no longer there. So let the login go ahead.
方法 3:
You could keep a pulse going in script, and when the pulse times out, consider the user finished with that session.
The benefit to this is that you can tell the difference between the user sitting idle on the site and the user leaving the site.
方法 4:
Yeah, a script would be a good idea. Just set the session timeout to be 5 minutes instead of 20 and then write a method into session.end in the global.asax file that updates the database accordingly.
方法 5:
From a very top level view, here is what you can do
Use Cache with SlidingExpiration.
Everytime a user attempts login, check the cache with his username as the key. If an entry exists in the cache, you can say that user is already logged in and deny login.
If the key is not found, allow login and create a new key in the cache as the username and set the sliding expiration time. (This should be carefully chosen as this would be the duration, the user wouldnt be locked out after the browser is closed and user attempts to relogin.)
In the Application_PreRequestHandlerExecute handler in Global, check if the user is currently active (you can use sessions for this), reset the sliding expiration time for the user. This way, with each page request the cache expiration time would be reset.
If the user closes the browser and moves off, the cache would expire after the set period of time, and would free the user to log in again.
if in case the user attempts to login again before the cache expires, the user would have to wait for some time to let the cache expire.
if the user logs off properly, you can remove the cache entry on the logoff event such that user doesnt have to wait to relogin.
The Sliding expiration timeout can be synced with session timeout to emulate the actual session timeout for the application.
With this approach, you would also save on a lot of database round trips to update/check the user status and this would work irrespective of the hosting enviornment or the session modes.
(by vishal、Kimtho6、m.edmondson、tenfour、Exitos、Danish Khan)