[英]Cookie expiry in ASP.NET Core 2.0 with Identity
Environment: ASP.NET Core 2.0, Identity with cookies. 环境:ASP.NET Core 2.0,与cookie的身份。
In Startup.ConfigureServices()
there is this: 在
Startup.ConfigureServices()
有这样的:
services.ConfigureApplicationCookie(options => {
options.ExpireTimeSpan = TimeSpan.FromDays(14);
options.Cookie.Expiration = TimeSpan.FromDays(14);
});
The first is from CookieAuthenticationOptions
. 第一个来自
CookieAuthenticationOptions
。 The second is from CookieBuilder
. 第二个来自
CookieBuilder
。 The docs also mention Microsoft.AspNetCore.Http.CookieOptions.Expires
(though it's not available in that lambda). 文档还提到了
Microsoft.AspNetCore.Http.CookieOptions.Expires
(虽然它在lambda中不可用)。
What is the difference between these? 这些有什么区别? What is the correct way to set an expiry time in Core2?
在Core2中设置到期时间的正确方法是什么?
The following is what I am using to set the expiry for the cookie in a test application that I use. 以下是我用来设置我使用的测试应用程序中的cookie的到期时间。
public class Startup
{
...
// This method gets called by the runtime. Use this method to add services to the container
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
...
... // before services.AddMvc();!
services.AddAuthentication().AddCookie(options => {
options.Cookie.Expiration = TimeSpan.FromDays(14);
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
options.Cookie.Name = "MyCookieName";
options.LoginPath = "/Account/Login";
options.AccessDeniedPath = "/Account/Forbidden";
});
// OR Perhaps, this could be what you need
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Expiration = TimeSpan.FromDays(150);
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
options.Cookie.Name = "MyCookieName";
options.LoginPath = "/Account/Login";
options.AccessDeniedPath = "/Account/Forbidden";
});
...
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
... // before app.UseMvc();!
app.UseAuthentication();
// WAS -> app.UseCookieAuthentication();
...
}
...
}
I think this should get you going in the right direction. 我认为这应该让你朝着正确的方向前进。
This works for me, and I haven't noticed any issues yet. 这对我有用,我还没有发现任何问题。 Although, it's only been a couple of weeks since the Core 2.0 RTM.
虽然,自Core 2.0 RTM起仅仅几周了。 :)
:)
Hope this helps. 希望这可以帮助。
This code workds for me. 这段代码适合我。 Only second block changes cookie expiration
只有第二个块会更改cookie过期
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.LoginPath = "/Account/Login";
options.LogoutPath = "/Account/Logout";
options.AccessDeniedPath = "/Account/AccessDenied";
});
services.ConfigureApplicationCookie(options =>
{
// Cookie settings, only this changes expiration
options.Cookie.HttpOnly = true;
options.Cookie.Expiration = TimeSpan.FromDays(150);
options.ExpireTimeSpan = TimeSpan.FromDays(150);
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.