2

我正在使用 WebMatrix 并在我的网站上应用了登录系统。我遇到了一个奇怪的问题。我的网站不断随机注销用户。意外发生。不仅在我的代码上,而且在 WebMatrix 示例项目中也发生了。

我的 Web.Config 文件是:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <appSettings>
    <add key="loginUrl" value="~/login" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <sessionState timeout="20" />
    <!-- This is for links with incorrect file extensions -->
    <!-- This only handles .NET based errors, not classic web like HTML or ASP based extensions -->
    <customErrors mode="Off">
      <error statusCode="403" redirect="/Shared/Error404.cshtml" />
      <error statusCode="404" redirect="/Shared/Error404.cshtml" />
      <error statusCode="500" redirect="/Shared/Error500.cshtml" />
    </customErrors>
  </system.web>
  <system.webServer>
    <!-- This handles all other types of link errors -->
    <httpErrors errorMode="Custom">
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" path="/Shared/Error404.cshtml" responseMode="ExecuteURL" />
    </httpErrors>
  </system.webServer>
  <system.data>
    <DbProviderFactories>
      <remove invariant="System.Data.SqlServerCe.4.0" />
            <add invariant="System.Data.SqlServerCe.4.0" name="Microsoft® SQL Server® Compact 4.0" description=".NET Framework Data Provider for Microsoft SQL Server Compact" type="System.Data.SqlServerCe.SqlCeProviderFactory, System.Data.SqlServerCe, Version=4.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" />
    </DbProviderFactories>
  </system.data>
</configuration>

我已将会话超时定义为 20 分钟。我使用相同的简单方式登录用户。

    if (WebSecurity.Login(email, password, rememberMe)) {
        Context.RedirectLocal(returnUrl);
        return;
    } else {
        ModelState.AddFormError("The user name or password provided is incorrect.");
    }

这就是我检查我的用户是否在安全页面中登录的方式:

if (!WebSecurity.IsAuthenticated) {
    Response.Redirect("~/login", true);
}

我在谷歌上搜索了一下,也很少有人抱怨 WebMatrix WebSecurity 随机注销用户。有时在执行活动时,例如表单提交或有时是简单的 url 点击。

有什么想法或建议吗?甚至有人建议我放弃 Razor 并转移到 MVC,它没有这个问题。我不确定那是否属实。

更新

我的所有安全页面顶部都有以下代码(需要用户登录)。有人认为这会导致问题吗?

// Ensure this page is not cached    
Response.Expires = -1;
Response.Cache.SetNoServerCaching();
Response.Cache.SetAllowResponseInBrowserHistory(false);
Response.CacheControl = "no-cache";
Response.Cache.SetNoStore();

谢谢-法拉兹·阿扎尔

4

1 回答 1

0

I will have to check further, i remember some weirdo setting to increase the cookie stay-logged-in time. Here's what's in my config and i don't see anything else that has a time:

  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="~/error/"></customErrors>
    <compilation debug="true" targetFramework="4.0" />
    <authentication>
      <forms timeout="10080" />
    </authentication>
于 2013-02-05T18:02:29.340 回答