ASP.Net MVC 3 奇怪的 session 行为

Question

我有一个 mvc 3 应用程序，我使用自己的登录 View 实现授权，该 View 检查是否允许用户名和密码，然后在 session 中设置一个变量来表示用户已登录。的作品，但对于一种特定的观点来说，它的表现方式是一种奇怪的、不受欢迎的方式。所述 View 包含一个表单，我用它来输入一些数据并上传文件。由于某种我无法弄清楚的原因，在发布此表单后，将启动一个新 session ，因此记住用户已登录的变量将重置为 false，随后再次显示登录页面。

我不明白为什么应用程序此时要启动新 session ？我没有指示它这样做。任何人都可以推荐解决方案来阻止这种行为并让它保留旧 session 吗？

谢谢。

更新 - 一些代码:

请注意， session 似乎在响应发布的Create表单后立即终止

CMS Controller 在所有操作上使用名为“RDAutorize”的自定义 Autorize 属性:

[RDAuthorize]
public class PhotoCMSController : Controller
{

public ActionResult Create()
{
    /* Code omitted: set up a newPhoto object with default state */
    /* Display view containing form to upload photo and set title etc. */
    return View("../Views/PhotoCMS/Create", newPhoto);
}

[HttpPost]
public ContentResult Upload(int pPhotoId)
{   
    /* Code ommited: receive and store image file which was posted
     via an iframe on the Create view */  
    string thumbnail = "<img src='/path/to/thumb.jpg' />";
    return Content(thumbnail);
}

[HttpPost]
public ActionResult Create(string pPhotoTitle, string pCaption etc...)
{
     /*Code omitted: receive the rest of the photo data and save
      it along with a reference to the image file which was uploaded
      previously via the Upload action above.*/

      /* Display view showing list of all photo records created */
      return View("../Views/PhotoCMS/Index", qAllPhotos.ToList<Photo>());

      /* **Note: after this view is returned the Session_End() method fires in 
       the Global.asax.cs file i.e. this seems to be where the session is
       being lost** */
}

}/*End of CMS Controller*/

自定义授权操作过滤器:

public class RDAuthorize : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        Boolean authorized = Convert.ToBoolean(
            HttpContext.Current.Session["UserIsAuthorized"]
        );

        if (!authorized) {
            /* Not logged in so send user to the login page */
            filterContext.HttpContext.Response.Redirect("/Login/Login");
        }
    }

    public override void OnActionExecuted(ActionExecutedContext filterContext) {}
    public override void OnResultExecuting(ResultExecutingContext filterContext) {}
    public override void OnResultExecuted(ResultExecutedContext filterContext) {}

}/*End of Authorize Action Filter*/

登录 Controller :

public class LoginController : Controller
{
    private PhotoDBContext _db = new PhotoDBContext();

    public ActionResult Login()
    {
        string viewName = "";
        Boolean authorized = Convert.ToBoolean(Session["UserIsAuthorized"]);
        if (authorized)
        {
            viewName = "../Views/Index";
        }
        else
        {
            viewName = "../Views/Login/Login";
        }
        return View(viewName);
    }

    [HttpPost]
    public ActionResult Login(string pUsername, string pPassword)
    {
        string viewName = "";
        List<Photo> model = new List<Photo>();

        var qUsers = from u in _db.Users
                select u;

        foreach (User user in qUsers.ToList<User>())
        {
            /* If authorized goto CMS pages */
            if (pUsername == user.Username && pPassword == user.Password)
            {
                Session["UserIsAuthorized"] = true;
                var qPhotos = from p in _db.Photos
                              where p.IsNew == false
                              select p;

                model = qPhotos.ToList<Photo>();
                viewName = "../Views/PhotoCMS/Index";
                break;
            }
        }

        return View(viewName, model);

    }

}/* End of Login controller */

Answer 1

结果整个 ASP.Net 应用程序正在重新启动，因为作为照片上传的一部分，我将图像文件存储在临时文件夹中，然后在将文件移动到永久位置后删除该目录。显然，如果网站内的目录被删除，ASP.Net 的默认行为是重新启动。我找到了这个post其中描述了问题并提供了解决方案，其中将以下代码添加到 Global.asax.cs 文件中。实现此解决方案解决了该问题。通过从 Application_Start() 事件调用 FixAppDomainRestartWhenTouchingFiles() 来应用修复:

    protected void Application_Start()
    {
        FixAppDomainRestartWhenTouchingFiles();
    }

    private void FixAppDomainRestartWhenTouchingFiles()
    {
        if (GetCurrentTrustLevel() == AspNetHostingPermissionLevel.Unrestricted)
        {
            /* 
             From: http://www.aaronblake.co.uk/blog/2009/09/28/bug-fix-application-restarts-on-directory-delete-in-asp-net/
             FIX disable AppDomain restart when deleting subdirectory
             This code will turn off monitoring from the root website directory.
             Monitoring of Bin, App_Themes and other folders will still be 
             operational, so updated DLLs will still auto deploy.
            */

            PropertyInfo p = typeof(HttpRuntime).GetProperty(
                "FileChangesMonitor", BindingFlags.NonPublic | BindingFlags.Public | BindingFlags.Static);
            object o = p.GetValue(null, null);
            FieldInfo f = o.GetType().GetField(
                "_dirMonSubdirs", BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.IgnoreCase);
            object monitor = f.GetValue(o);
            MethodInfo m = monitor.GetType().GetMethod(
                "StopMonitoring", BindingFlags.Instance | BindingFlags.NonPublic);
            m.Invoke(monitor, new object[] { });
        }
    }

    private AspNetHostingPermissionLevel GetCurrentTrustLevel()
    {
        foreach (AspNetHostingPermissionLevel trustLevel in
            new AspNetHostingPermissionLevel[] {
                AspNetHostingPermissionLevel.Unrestricted,
                AspNetHostingPermissionLevel.High,
                AspNetHostingPermissionLevel.Medium,
                AspNetHostingPermissionLevel.Low,
                AspNetHostingPermissionLevel.Minimal }
            )
        {
            try
            {
                new AspNetHostingPermission(trustLevel).Demand();
            }
            catch (System.Security.SecurityException)
            {
                continue;
            }

            return trustLevel;
        }

        return AspNetHostingPermissionLevel.None;
    }