The trick to remember about the session expiration is that this happens in the the worker process running behind the scenes and there is no direct way to notify the user without going back to the server to check the state of things.

要记住会话过期的技巧是，这种情况发生在后台运行的工作进程中，并且没有直接的方法可以在不返回服务器检查事物状态的情况下通知用户。

What I do is I have the page register a Javascript block that will redirect the user to the login page again after the designated timeout:

我要做的是让页面注册一个 Javascript 块，该块将在指定的超时后再次将用户重定向到登录页面：

Page.ClientScript.RegisterStartupScript(Me.GetType, "TimeoutScript", 
"setTimeout(""top.location.href = '~/Login.aspx'""," &
 ConfigurationManager.AppSettings("SessionTimeoutMilliseconds") & ");", True)

You'll notice that I have the actual milliseconds stored in my web.config file so that I can adjust the timeout length as needed.

您会注意到我在 web.config 文件中存储了实际毫秒数，以便我可以根据需要调整超时长度。

Using this, combined with the typical Session_End event in the Global.asax file makes a pretty clean way of handling session timeouts in my web apps.

使用它，结合 Global.asax 文件中典型的 Session_End 事件，可以在我的网络应用程序中处理会话超时的一种非常干净的方式。

Kind of a late reply, but, if you're using the standard asp.net membership provider you could also use the config below.

有点晚回复，但是，如果您使用标准的 asp.net 会员资格提供程序，您也可以使用下面的配置。

The basic idea for this is to have your authentication cookie + session expire at the same time. The automatic behaviour of asp.net would be to take you back to the defined login page. The "slidingExpiration" attribute on the auth cookie would need to be 'true' to keep extending it's life while the session is active.

其基本思想是让您的身份验证 cookie + 会话同时过期。asp.net 的自动行为将带您返回到定义的登录页面。身份验证 cookie 上的“slidingExpiration”属性需要为“true”，以在会话处于活动状态时继续延长其生命周期。

<system.web>
  <sessionState mode="InProc" cookieless="false" timeout="20" />
  <authentication mode="Forms">
    <forms name=".SAMPLESITEAUTH" loginUrl="~/Login.aspx" protection="All" timeout="20" slidingExpiration="true" path="/" cookieless="UseCookies"></forms>
  </authentication>
</system.web>

One option instead of setting a client side timer to blindly redirect, is to have the timer hit a small webservice which could indicate if the user should be redirected. What this does is give you a lot more flexibility you could redirect a user under many cases including:

一个选项，而不是设置客户端计时器盲目重定向，是让计时器命中一个小的 web 服务，它可以指示用户是否应该被重定向。这为您提供了更大的灵活性，您可以在许多情况下重定向用户，包括：

• Session Expired
• Same user account logged in from another machine
• Site is going into to maintneance mode and you want to kick users out.

• 会话过期
• 从另一台机器登录的相同用户帐户
• 站点正在进入维护模式，您想将用户踢出去。

I've used this method with a lot of success, for handling multiple user accounts. As for handling session you'd prolly want to listen for the session timeout even then store in a hash table whose session timed out.

我已经成功地使用这种方法来处理多个用户帐户。至于处理会话，即使存储在会话超时的哈希表中，您仍然希望侦听会话超时。

When that user calls the web service you remove them from the hash and tell the client code to redirect them.

当该用户调用 Web 服务时，您将它们从哈希中删除并告诉客户端代码重定向它们。

Another nice thing about this type of system is you can track when the browser hits the server, so you can get a better sense of who is still online.

这种类型的系统的另一个好处是您可以跟踪浏览器何时访问服务器，因此您可以更好地了解谁仍然在线。

EDIT

编辑

In Response to Comment Bellow:

回应以下评论：

I don't think calling a public method would be cleaner. As soon as you do this you make an assumption that all pages share a single master page or common base class. I wouldn't want to make that assumption. Additionally, if you intend to use the PageMethods approach this won't work since PageMethods must be static.

我不认为调用公共方法会更干净。一旦你这样做，你就假设所有页面共享一个母版页或公共基类。我不想做出这样的假设。此外，如果您打算使用 PageMethods 方法，这将不起作用，因为 PageMethods 必须是静态的。

I'm not exactly sure what your intention is but if you were going to call this method on each request then I would do that using a http module and hook into the pipeline; however, this only works when a request is made. By using a web service with a client side timer you can redirect the user even if they are not making any requests.

我不确定您的意图是什么，但是如果您要在每个请求上调用此方法，那么我会使用 http 模块并挂钩到管道中；但是，这仅在提出请求时有效。通过使用带有客户端计时器的 Web 服务，您可以重定向用户，即使他们没有发出任何请求。

Can you tie into the Session_End event in the Global.asax file?

您能与 Global.asax 文件中的 Session_End 事件联系起来吗？

Bellow Answer is the best example ever and ever......

Bellow Answer 是有史以来最好的例子......

Better to try this way:

最好尝试这种方式：

Page.ClientScript.RegisterStartupScript(Me.GetType, "TimeoutScript", "setTimeout(""top.location.href = '~/Login.aspx'""," & ConfigurationManager.AppSettings("SessionTimeoutMilliseconds") & ");", True)

You'll notice that I have the actual milliseconds stored in my web.config file so that I can adjust the timeout length as needed.

您会注意到我在 web.config 文件中存储了实际毫秒数，以便我可以根据需要调整超时长度。

Using this, combined with the typical Session_End event in the Global.asax file makes a pretty clean way of handling session timeouts in my web apps.

使用它，结合 Global.asax 文件中典型的 Session_End 事件，可以在我的网络应用程序中处理会话超时的一种非常干净的方式。

Regards, Nagaraju R || Dell PerotSystems ||

问候， Nagaraju R || 戴尔佩罗系统 ||