Question

我的网页上装满页数,其中大多数需要一些届会变量才能运行。

i 想在我看来采用一些防御守则。在什么地方,最适于像:

if (Session.Count == 0){
                Response.Redirect("~/default.aspx");
}

EDIT:如果目前一页已经消失,如何检查。页: 1

Answer 1

很困难,幸运的是,它得到解决。

页: 1

这里是法典

    /// <summary>
    /// The event occurs just after Initialization of Session, and before Page_Init event
    /// </summary>
    protected void Application_PreRequestHandlerExecute(Object sender, EventArgs e)
    {
        // here it checks if session is reuired, as
        // .aspx requires session, and session should be available there
        // .jpg, or .css doesn t require session so session will be null
        // as .jpg, or .css are also http request in any case
        // even if you implemented URL Rewritter, or custom IHttp Module
        if (Context.Handler is IRequiresSessionState
               || Context.Handler is IReadOnlySessionState)
        {
            // here is your actual code
            // check if session is new one
            // or any of your logic
            if (Session.IsNewSession
                || Session.Count < 1)
            {
                // for instance your login page is default.aspx
                // it should not be redirected if,
                // if the request is for login page (i.e. default.aspx)
                if (!Context.Request.Url.AbsoluteUri.ToLower().Contains("/default.aspx"))
                {
                    // redirect to your login page
                    Context.Response.Redirect("~/default.aspx");
                }
            }
        }
    }

www.un.org/Depts/DGACM/index_spanish.htm Edit 1: Explanation & Conclusions

其中一个故事讲述了。

发生了大量事件。

Actually events in Global.asax raises in the following sequence

Validate Request // looks just internal mechanism
履行《乌拉圭回合行动计划》
Raise the BeginRequest activity.
Raise the AuthenticateRequest event.
Raise the PostAuthenticateRequest event.
Raise the AuthorizeRequest event.
Raise the PostAuthorizeRequest event.
Raise the ResolveRequestCache event.
Raise the PostResolveRequestCache event.
Just selects a class who implemented IHttpHandler for the application // looks just internal mechanism
Raise the PostMapRequestHandler event.
Raise the AcquireRequestState event. just before raising this event asp.net loads the State like Session
Raise the PostAcquireRequestState event.
Raise the PreRequestHandlerExecute event.
Call the ProcessRequest method

Conclusion: All the events before AcquireRequestState event don t have Session object, because Session is not loaded by ASP.Net, so any event from *"AcquireRequestState** event gives Session object therefore this problem solves. However some checks are required as I mentioned in above code

Answer 2

一种方法是在<代码>上设置一个进行这一检查的页基级。页: 1 另一种方法是将电离层带入。虽然在<代码>Application_BeginRequest上没有会议,但应当在Application_AcquireRequestState中提供。由于不是标准网络要求,这应使与会者能够参加本届会议,以完成你想要的东西。

Answer 3

http://www.un.org/Depts/DGACM/index_french.htm

总结我们的想法:

protected void Application_AcquireRequestState(object sender, EventArgs e)
{
    if ((Session.Count == 0) &&
       !(Request.Url.AbsolutePath.EndsWith("default.aspx",
         StringComparison.InvariantCultureIgnoreCase)))
    {
        Response.Redirect("~/default.aspx");
    }
}

Answer 4

Be careful with your approach. I don t think it is a good idea to validate globally if certain Session information exists or not. It can get become very messy, very fast. Only certain pages might require specific Session variables, which differ from other pages. Further down the road you might even have some content which can be safely accessed without any existing Session state. Then you will have to start coding exceptions to your rule...

你在这些会议上储存哪些信息? 如果你进一步阐述,我们或许可以提出更好的办法。

Answer 5

仔细阅读Session.Count = 0,因为像会议一样,会议储存在暗中。

最好是看上像<代码>(Session[“UserName”]=无),其中Session[“UserName]是你明确储存某种用户。

除此以外,Global.asax是最佳地方(ASP.NET 应用程序周期:

<>strong>ALSO, 您必须检查你不是,目前是 on ~/default.aspx,因为否则你会有一个无限的休息室。

友情链接