2015-11-04 70 views
0

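Single-page application loses its authentication token cookie

Apologies in advance for the wall of text below, but I wanted to be sure to include anything in the logs that might be useful.

I have an ASP.NET MVC application whose main interface is a single-page application that uses SignalR. We occasionally have a problem where things suddenly "stop working" for a user; the root cause is that they are no longer authenticated. I have an MVC request every minute to keep the session alive, and SignalR also has its own keepalive every 5 minutes. It does not seem to be related to a specific time interval, because most of the time users keep the application open all day without any problem. I have included an annotated IIS log sample from the web server below. The authentication token and session values have been shortened for readability. Note that the authentication token is renewed several times without any problem. Then, suddenly, the browser no longer sends the authentication token.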

+------------+----------+-----------+------------------------------+-------------+-------------------------------------+-----------+------------------------------------------------------------------------------------------------+ 
|  date | time  | cs-method | cs-uri-stem     | cs-username | cs(Cookie)       | sc-status | comment                      | 
+------------+----------+-----------+------------------------------+-------------+-------------------------------------+-----------+------------------------------------------------------------------------------------------------+ 
| 2015-11-04 | 10:54:30 | GET  |/       | -   | -         |  302 | user requesting page for the first time; redirect to login page        | 
| 2015-11-04 | 10:54:30 | GET  | /Account/Login    | -   | -         |  200 | login page GET                     | 
| 2015-11-04 | 10:54:46 | POST  | /Account/Login    | -   |          |  302 | login page POST; authenticate and redirect to content page          | 
| 2015-11-04 | 10:54:46 | GET  |/       | user123  | .VWRID=AAAA       |  302 | content page GET; user is logged in               | 
| 2015-11-04 | 10:54:46 | GET  | /Account/SelectConfiguration | user123  | .VWRID=AAAA       |  200 | user doing stuff; no problem                 | 
| 2015-11-04 | …  | …   | …       | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 | user doing stuff; no problem                 | 
| 2015-11-04 | 10:54:50 | GET  | /signalr/negotiate   | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 | SignalR connection                    | 
| 2015-11-04 | 10:54:50 | GET  | /signalr/start    | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 10:54:50 | POST  | /signalr/send    | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 10:55:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 | keepalive for ASP.Net session; once/min              | 
| 2015-11-04 | …  | …   | …       | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 | user doing stuff; no problem                 | 
| 2015-11-04 | 10:59:50 | GET  | /signalr/ping    | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 | SignalR keepalive; once/5 min                 | 
| 2015-11-04 | 11:00:50 | …   | …       | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 11:08:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 11:09:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 | renewed ASP.net token sent to client (?)              | 
| 2015-11-04 | 11:09:50 | GET  | /signalr/ping    | user123  | .VWRID=BBBB;+ASP.NET_SessionId=ses1 |  200 | new ASP.net token sent to server                | 
| 2015-11-04 | 11:10:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=BBBB;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 11:11:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=BBBB;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | …  | …   | …       | user123  | .VWRID=BBBB;+ASP.NET_SessionId=ses1 |  200 | user doing stuff; no problem                 | 
| 2015-11-04 | 11:24:32 | POST  | /signalr/send    | user123  | .VWRID=BBBB;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 11:24:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=BBBB;+ASP.NET_SessionId=ses1 |  200 | renewed ASP.net token sent to client (?)              | 
| 2015-11-04 | 11:24:50 | GET  | /signalr/ping    | user123  | .VWRID=CCCC;+ASP.NET_SessionId=ses1 |  200 | new ASP.net token sent to server                | 
| 2015-11-04 | 11:25:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=CCCC;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | …  | …   | …       | user123  | .VWRID=CCCC;+ASP.NET_SessionId=ses1 |  200 | user doing stuff; no problem                 | 
| 2015-11-04 | …  | …   | …       | user123  | .VWRID=CCCC;+ASP.NET_SessionId=ses1 |  200 | same pattern continues, until…                 | 
| 2015-11-04 | 11:58:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=EEEE;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 11:59:50 | POST  | /Home/CheckVersion   | user123  | .VWRID=EEEE;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 11:59:50 | GET  | /signalr/ping    | user123  | .VWRID=EEEE;+ASP.NET_SessionId=ses1 |  200 |                        | 
| 2015-11-04 | 12:00:50 | POST  | /Home/CheckVersion   | -   | -         |  302 | NO AUTHENTICATION COOKIE!                  | 
| 2015-11-04 | 12:00:50 | GET  | /Account/Login    | -   | -         |  200 | JSON request "redirected" but user never notified            | 
| 2015-11-04 | 12:01:50 | POST  | /Home/CheckVersion   | -   |          |  302 |                        | 
| 2015-11-04 | 12:01:50 | GET  | /Account/Login    | -   |          |  200 |                        | 
| 2015-11-04 | …  | POST  | /Home/CheckVersion   | -   |          |  302 | same pattern…                     | 
| 2015-11-04 | …  | GET  | /Account/Login    | -   |          |  200 |                        | 
| 2015-11-04 | 12:04:49 | GET  | /signalr/ping    | -   |          |  200 | signalr keepalive returns HTTP 200 (?)…              | 
| 2015-11-04 | 12:05:50 | POST  | /Home/CheckVersion   | -   |          |  302 |                        | 
| 2015-11-04 | 12:05:50 | GET  | /Account/Login    | -   |          |  200 |                        | 
| 2015-11-04 | …  | POST  | /Home/CheckVersion   | -   |          |  302 |                        | 
| 2015-11-04 | …  | GET  | /Account/Login    | -   |          |  200 |                        | 
| 2015-11-04 | 12:16:43 | POST  | /signalr/send    | -   |          |  403 | … but signalr requests fail because they need to be authenticated        | 
| 2015-11-04 | …  | POST  | /signalr/send    | -   |          |  403 |                        | 
| 2015-11-04 | 12:43:23 | POST  | /signalr/abort    | -   |          |  403 | at some point signalr aborts                 | 
| 2015-11-04 | 12:43:23 | GET  | /signalr/connect    | user123  | .VWRID=AAAA;+ASP.NET_SessionId=ses1 |  200 | and reconnects with the ORIGINAL authentication token (?)          | 
| 2015-11-04 | 12:43:23 | GET  |/       | -   |          |  302 | User realizes there is a problem and refreshed the page, forcing the login process to initiate | 
| 2015-11-04 | 12:43:23 | GET  | /Account/Login    | -   |          |  200 |                        | 
| 2015-11-04 | 12:43:35 | POST  | /Account/Login    | -   |          |  302 |                        | 
| 2015-11-04 | 12:43:35 | GET  |/       | user123  | .VWRID=FFFF       |  302 | and we're good again…                   | 
| 2015-11-04 | 12:43:36 | GET  | /Account/SelectConfiguration | user123  | .VWRID=FFFF       |  200 |                        | 
| 2015-11-04 | …  | …   | …       | user123  | .VWRID=FFFF;+ASP.NET_SessionId=ses2 |  200 |                        | 
| 2015-11-04 | 15:43:02 | POST  | /Home/CheckVersion   | user123  | .VWRID=GGGG;+ASP.NET_SessionId=ses2 |  200 | still going strong nearly 2 hours later.              | 
+------------+----------+-----------+------------------------------+-------------+-------------------------------------+-----------+------------------------------------------------------------------------------------------------+ 

The relevant part of web.config:

<system.web>
    <authentication mode="Forms">
        <forms name=".VWRID" loginUrl="~/Account/Login" timeout="30" slidingExpiration="true" protection="All" requireSSL="true" />
    </authentication>
</system.web>

Does anyone have any idea what might be going on here, and how to fix it?

[UPDATE]

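Looking at the logs, this only seems to affect users on IE 10. The SignalR transport mechanism those users are using is foreverFrame. I wonder whether this is a SignalR bug with that transport. I plan to downgrade these clients to use long polling and see whether the problem goes away.

Answer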

0

We removed foreverFrame as an option for the SignalR transport, and the problem went away. It appears to be a bug in SignalR.
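To locate drops like the one at 12:00:50 in the question's log, and to confirm they stop after a transport change, the following added example (not code from the question or the answer) scans a W3C-format IIS log for clients that stop sending the `.VWRID` cookie sooner than the forms ticket could have expired. It assumes `c-ip` and `cs(User-Agent)` logging is enabled so a cookieless request can be tied back to the same client; the sample log lines, IP addresses and user-agent strings are constructed.

```python
# Added example: find premature forms-auth cookie drops in an IIS W3C log.
from datetime import datetime, timedelta

AUTH_COOKIE = ".VWRID="            # forms cookie name from the web.config above
LOGIN_PATH = "/Account/Login"      # loginUrl from the web.config above
TIMEOUT = timedelta(minutes=30)    # forms timeout from the web.config above
# With slidingExpiration the ticket is reissued once more than half the timeout
# has elapsed, so after any accepted request it is valid for at least TIMEOUT / 2.
MIN_LIFE = TIMEOUT / 2

# Constructed sample; assumes c-ip and cs(User-Agent) are among the logged fields.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) cs(Cookie) sc-status
2015-11-04 11:58:50 POST /Home/CheckVersion user123 192.0.2.10 Mozilla/5.0+(compatible;+MSIE+10.0) .VWRID=EEEE;+ASP.NET_SessionId=ses1 200
2015-11-04 11:59:50 GET /signalr/ping user123 192.0.2.10 Mozilla/5.0+(compatible;+MSIE+10.0) .VWRID=EEEE;+ASP.NET_SessionId=ses1 200
2015-11-04 12:00:50 POST /Home/CheckVersion - 192.0.2.10 Mozilla/5.0+(compatible;+MSIE+10.0) - 302
2015-11-04 12:00:50 GET /Account/Login - 192.0.2.10 Mozilla/5.0+(compatible;+MSIE+10.0) - 200
2015-11-04 12:01:50 POST /Home/CheckVersion - 192.0.2.10 Mozilla/5.0+(compatible;+MSIE+10.0) - 302
2015-11-04 12:10:00 GET / user456 192.0.2.20 Mozilla/5.0+Chrome/46.0 .VWRID=ZZZZ 200
2015-11-04 13:10:00 GET / - 192.0.2.20 Mozilla/5.0+Chrome/46.0 - 302
"""

def find_cookie_drops(log_text):
    """Return (time, client, user, gap) for each first cookieless request that
    follows an authenticated one sooner than the ticket could have expired."""
    fields, last_auth, drops = [], {}, []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        when = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        client = (row["c-ip"], row["cs(User-Agent)"])
        if AUTH_COOKIE in row["cs(Cookie)"]:
            last_auth[client] = (when, row["cs-username"])
        elif client in last_auth and row["cs-uri-stem"] != LOGIN_PATH:
            seen, user = last_auth.pop(client)   # report only the first miss
            if when - seen < MIN_LIFE:           # too soon to be a normal expiry
                drops.append((when, client, user, when - seen))
    return drops

if __name__ == "__main__":
    for when, (ip, agent), user, gap in find_cookie_drops(SAMPLE_LOG):
        print(f"{when} {user} {ip} lost {AUTH_COOKIE[:-1]} {gap} after last use [{agent}]")
```

Grouping the reported drops by user agent shows whether they cluster on one browser, as the update to the question found for IE 10.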