asp.net mvc 4 - .Net MVC - Display "session expired" only for private pages -

-

i'm developing .net mvc 4 application needs show message "session expiration" user if performs action after session timeout.

i'm using forms authentication long timeout , sesion shorter timeout, can know if session expired or it's new visitor. web.config section that:

<authentication mode="forms">   <forms loginurl="~/login" timeout="10080" defaulturl="~/index" /> </authentication> <sessionstate mode="inproc" timeout="20" />

as said, that's differentiate new visitor session timeout, , not necessary application itself. can changed if same result can achieved else.

with in web.config, can following in global.asax:

protected void session_start(object sender, eventargs e) {     //if it's new session , user authenticated, it's session timeout     if (request.isauthenticated)     {         if (request.requestcontext.httpcontext.request.isajaxrequest())         {             //...             //ajax handling code             //...             //the redirect can return jsonresult standard object message             response.redirect("/getjson?some_parameters, true);         }         else         {             response.redirect("/sessionexpired", true);         }     } }

all works great private sections of website require login. problem if user logged, wait session timeout, , try open "public" page, 1 doesn't require login, still gets "session expired" message. that's want avoid. "session expire" message should showed user if he's trying access page requires log in.

i've tried set flag in session_start , redirect in later event of global.asax, didn't work because had variable accessibility issues. thought of trying check if current action has [allowanonymous] attribute can skip redirect, couldn't figure out how. answers read gave me impression "session expire" logic should in custom attribute don't know if that's right approach.

my question be, what's best way of accomplish "session expire" "private" pages in .net mvc 4?

as say, ideal use attribute. more exact attribute named "action filter".

you can create actionfilter implementing interface, or inheriting existing one.

in case think easiest way result inherit authorizeattribute, , override onauthorization method.

in method can access httpcontext property of filtercontext parameter: filtercontext.httpcontext. can check session, authorization, , check if it's ajax request using property. if need redirect, must setting property of filtercontext parameter:

filtercontext.result = new redirectresult("...url redirect to...");

you can use overload of redirectresult or redirecttorouteresult constructor.

if leave result property untouched, nothing special happen.

the can use custom attribute instead of original authorization attribute.


Comments

Post a Comment

Popular posts from this blog

javascript - Count length of each class -

-
i have below code in this fiddle . html <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> javascript $('.myname').each(function(){ var text = $(this).html().split(' '), len = text.length, test = $(this).val().length, result = []; console.log('outside: ' + test); for( var = 0; < len; i++ ) { result[i] = '<span class="name-'+[i]+'" >' + text[i] + '</span>'; console.log('inside: ' + test); } $(this).html(result.join(' ')); console.log('after
Read more

What design pattern is this code in Javascript? -

-
this question has answer here: why write “.call(this)” @ end of javascript anonymous function? [duplicate] 4 answers what kind of design pattern , significance of using closure? (function(){ // code here }).call(this); edit then difference between above code , following this keyword still refer same object in both ways. (function(){ // code here })(); thats invoked function expression. more info here: http://benalman.com/news/2010/11/immediately-invoked-function-expression/ the purpose run code while protecting scope (so variables declared within don't leak out global scope. update call sets value of this function being applied on. without it, value set window object, there set outer scope.
Read more

hadoop - Restrict secondarynamenode to be installed and run on any other node in the cluster -

-
i have have cloudera cdh3u4 cluster setup. have secondarynamenode daemon running on 1 of nodes. i have ensure user has root access node on cluster (for example, datanode not have other daemons running) should not able start instance of secondarynamenode daemon on node (thereby having 2 secondarynamenodes on cluster) how can achieve this? thanks in advance. add property hdfs-site.xml namedfs.secondary.http.address valuesecondarynamenode-host address or ip:50090
Read more