问题
I want to detect when a asp.net Form Authentication ticket has expired. I then want to log to the server the user that was signed out because of inactivity. Is there an event that fires on the server when the authentication ticket has expired?
<sessionState mode="InProc" timeout="5"></sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Home/AccessDenied" timeout="5" />
</authentication>
In the global asax file, I have tried the Session_OnEnd(). But the context.user object is null. When i call membership.getuser() it returns null also. I have tried making the session timeout before the auth but that doesn't help. I am using mvc3 and ii7.5.
回答1:
Session and forms authentication have two completely separate timeouts. See my posting on this here:
How can I handle forms authentication timeout exceptions in ASP.NET?
In Application_PreRequestHandlerExecute you need to check the ticket.
Also be sure your session and forms auth timeouts are in sync using the code I posted there. Not just setting both to say 60 minutes. Since forms auth doesn't update the 'touched' time until half of the time passes by, and session time is updated on every request, they get out of sync.
来源:https://stackoverflow.com/questions/7797274/forms-authentication-timeout-logging