How can I prevent the Ajax call to save the session?

Question

How can I prevent the Ajax call to save the session?

I use cookie authentication in MVC5 . My web pages rely heavily on authenticated as well as unauthenticated Ajax calls every 1-5 seconds to update the data. Therefore, my users never log out.

My ideal scenario: if the user is actively viewing or conducting activities on my site, continue the session. If they left the page open after 10 minutes, I would like their session to be a timeout and I will use Ajax crashes to redirect to the login page. I think this is best done at the controller or action level.

I tried to control the behavior of the session state, as suggested below, but the session still did not leave. After 65 seconds of hitting ReadOnly / Public once per second, I call ReadOnly / Authorized and successfully retrieve data from it.

Here is my CookieAuthentication configuration.

 public void ConfigureAuth(IAppBuilder app) { // Enable the application to use a cookie to store information for the signed in user app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), ExpireTimeSpan = TimeSpan.FromMinutes(1), }); }

My test page:

 <div id="public"></div> <div id="authorized"></div> @section scripts{ <script> function poll(times) { var url = '/ReadOnly/Public'; $.ajax({ url: url, dataType: 'json', data: null, cache: false, success: function (data) { $('#public').html(times + ' ' + data.test); }, error: function (data) { $('#public').html(times + ' ' + 'failed'); } }); }; function checkAuth(times) { var url = '/ReadOnly/Authorized'; $.ajax({ url: url, dataType: 'json', data: null, cache: false, success: function (data) { $('#authorized').html(times + ' ' + data.test); }, error: function (data) { $('#authorized').html(times + ' ' + 'failed'); } }); }; $(function () { var times = 1; setInterval(function () { poll(times); times++; }, 1000); setInterval(function () { checkAuth(times); }, 65000); }); </script> }

and the code of the test controller (I tried this with both disabled and readonly settings)

 using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Mvc; using System.Web.SessionState; namespace SessionTest.Controllers { [SessionState(SessionStateBehavior.ReadOnly)] public class ReadOnlyController : Controller { [Authorize] public ActionResult Authorized() { return Json(new { test = "ReadOnly and Authorized" }, JsonRequestBehavior.AllowGet); } public ActionResult Public() { return Json(new { test = "ReadOnly and Public" }, JsonRequestBehavior.AllowGet); } } }

+7

ajax asp.net-mvc-5

Bill shihara May 04 '14 at 17:24

source share

5 answers

I would not use a timeout in this situation. In fact, I try to avoid them if there is no fundamental and key reason why they are necessary, otherwise they will simply become a nuisance.

However, if you feel that you need it, I would execute it in this case, creating a separate javascript function with a timer and reset with user input. If the timer is completed, an ajax call is made, performing a manual invalidation session on the server side.

+2

Nimchimpsky May 7, '14 at 13:19

source share

I would set up a listener method or class so as not to use a session that would prevent it from expanding.

Attributes are available for both methods and controllers that provide different session modes.

More details here: http://www.dotnet-tricks.com/Tutorial/mvc/906b060113-Controlling-Session-Behavior-in-Asp.Net-MVC4.html

+2

Christian landgren May 09 '14 at 6:45

source share

Ajax calls will save the session.

One approach is to set a timeout on the client side to clear the cookie after a while. I'm not sure you have more options.

If calls every 5 seconds refer only to an unauthenticated request, just save the cookie from the ajax request.

+2

Bart calixto May 13, '14 at 19:21

source share

I think that by default, the sliding expiration is set to true.

I think that maybe when the call that was made to the Public action, he made a cookie and thereby extended the waiting time.

  public ActionResult Public() { return Json(new { test = "ReadOnly and Public" }, JsonRequestBehavior.AllowGet); }

If I asked this below: (SlidingExpiration = false). I get an error message.

  app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), ExpireTimeSpan = TimeSpan.FromMinutes(1.0), SlidingExpiration = false //Provider = new CookieAuthenticationProvider //{ // OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>( // validateInterval: TimeSpan.FromMinutes(30), // regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) //} });

0

Macwise May 14, '14 at 1:15

source share

Believe2014 · Accepted Answer · 2014-05-13T19:21:39+0000

You may need to have 2 separate web applications. One of them is designed to serve authenticated requests. The other is for all public requests.

This is similar to how the Google Analytics script creates and maintains its own session on the Google side about your site, without affecting the internal session management of your web application. Otherwise, you will encounter ASP.NET default behavior, how it processes cookies and keeps the session in active mode.

Good luck.

How can I prevent the Ajax call to save the session?

More articles: