會話控制操作過濾器 - pageajax 請求

通常,身份驗證和授權過程由 .net MVC 中的內建 cookie 和令牌支援執行。但是如果你決定用 Session 自己做,你可以使用以下邏輯來處理頁面請求和 ajax 請求。

public class SessionControl : ActionFilterAttribute
    public override void OnActionExecuting ( ActionExecutingContext filterContext )
        var session = filterContext.HttpContext.Session;

        /// user is logged in (the "loggedIn" should be set in Login action upon a successful login request)
        if ( session["loggedIn"] != null && (bool)session["loggedIn"] )

        /// if the request is ajax then we return a json object
        if ( filterContext.HttpContext.Request.IsAjaxRequest() )
            filterContext.Result = new JsonResult
                Data = "UnauthorizedAccess",
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
        /// otherwise we redirect the user to the login page
            var redirectTarget = new RouteValueDictionary { { "Controller", "Login" }, { "Action", "Index" } };
            filterContext.Result = new RedirectToRouteResult(redirectTarget);

    public override void OnResultExecuting ( ResultExecutingContext filterContext )
        /// we set a field 'IsAjaxRequest' in ViewBag according to the actual request type
        filterContext.Controller.ViewBag.IsAjaxRequest = filterContext.HttpContext.Request.IsAjaxRequest();