Form authentication slidingExpiration does not work
I have the code below:
int intTimeout = (FormsAuthentication.Timeout.Hours * 60) +
FormsAuthentication.Timeout.Minutes;
var authTicket = new FormsAuthenticationTicket(1, Utility.userCookie, DateTime.Now,
DateTime.Now.AddMinutes(intTimeout), true, cookieValue);
string strEncryptedTicket = HttpUtility.UrlEncode(FormsAuthentication.Encrypt(authTicket));
var authCookie = new HttpCookie(Utility.userCookie, strEncryptedTicket);
authCookie.Expires = authTicket.Expiration;
//FormsAuthentication.RedirectFromLoginPage("", false);
authCookie.Secure = FormsAuthentication.RequireSSL;
//authCookie.Secure = true;
HttpContext.Current.Response.Cookies[Utility.userCookie].Expires = authTicket.Expiration;
HttpContext.Current.Response.Cookies[Utility.userCookie].Value = authCookie.Value;
Below is the web.config:
<authentication mode="Forms">
<forms timeout="2" slidingExpiration="true" requireSSL="true" />
</authentication>
I keep hitting the page link, but it still expires in 2 minutes.
Please pay attention to the structure of custom forms-based authentication in web.config:
<forms
name="name"
loginUrl="URL"
defaultUrl="URL"
protection="[All|None|Encryption|Validation]"
timeout="[MM]"
path="path"
requireSSL="[true|false]"
slidingExpiration="[true|false]"
enableCrossAppRedirects="[true|false]"
cookieless="[UseUri|UseCookies|AutoDetect|UseDeviceProfile]"
domain="domain name"
ticketCompatibilityMode="[Framework20|Framework40]">
<credentials>...</credentials>
</forms>
As you see, the timeout property works in minutes, and you set it to 2 (i.e. 2 minutes). Generally, if you enable slidingExpiration in web.config, you have no need to regenerate a new cookie manually. For your scenario, I suggest you use a trace tool, e.g. Fiddler. When you refresh the page, you can check in Fiddler whether the cookie expiry time is reset.
I found a good example in Weird Timeouts With Custom ASPNETFormsAuthentication which may clear things up for you.
Try removing this line from your code and try again:
HttpContext.Current.Response.Cookies[Utility.userCookie].Expires = authTicket.Expiration;
In the web.config file, remove the <clear/> element, or add the following after the <clear/> element if it is not already present:
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
Maybe the problem is related to the lack of a static machineKey section in the web.config file. When you call FormsAuthentication.Encrypt or FormsAuthentication.Decrypt, the methods use the machineKey values provided in the web.config file to perform the operation. If you do not provide strict values for machineKey, a new unique validationKey and decryptionKey would be generated at the start of the web application. Sometimes, depending on the server settings (for example, small Idle-Time values in the application pool settings), the application is terminated before the expiration time of the FormsAuthenticationTicket. In this case, because of the new machineKey values, the Decrypt method can't validate the ticket. I just recommend you set a static machineKey.
See the following link: https://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.100).aspx
In my application, I define cookieAuthenticationOptions in Startup.cs like this and it works fine:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
ExpireTimeSpan = TimeSpan.FromHours(1),
SlidingExpiration = true,
CookieHttpOnly = true,
CookieName = "App.Authentication",
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
});
Do you define those options?
Why don't you use the SignIn method of AuthenticationManager?
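As an added example (not code from the question or from any of the answers): a Global.asax handler that applies sliding expiration to a manually issued ticket kept in a custom cookie. The cookie name App.UserCookie is a hypothetical stand-in for Utility.userCookie, and the example assumes the application itself, rather than FormsAuthenticationModule, is responsible for renewing that cookie.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Hypothetical name standing in for Utility.userCookie from the question.
    private const string CookieName = "App.UserCookie";

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;

        FormsAuthenticationTicket ticket;
        try
        {
            // Fails if the value was tampered with or was protected under
            // different machineKey values than the ones now in effect.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception) { ticket = null; }
        if (ticket == null || ticket.Expired) { DropCookie(); return; }

        // RenewTicketIfOld hands back the same ticket until more than half of
        // its lifetime has elapsed, so early requests do not move the expiry.
        FormsAuthenticationTicket current = FormsAuthentication.SlidingExpiration
            ? FormsAuthentication.RenewTicketIfOld(ticket)
            : ticket;

        if (current.Expiration != ticket.Expiration)
        {
            var fresh = new HttpCookie(CookieName, FormsAuthentication.Encrypt(current))
            {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath
            };
            if (current.IsPersistent) fresh.Expires = current.Expiration;
            Response.Cookies.Add(fresh);
        }
        Context.User = new GenericPrincipal(new FormsIdentity(current), new string[0]);
    }

    private void DropCookie()
    {
        Response.Cookies.Add(new HttpCookie(CookieName, string.Empty)
            { Expires = DateTime.UtcNow.AddDays(-1), Path = FormsAuthentication.FormsCookiePath });
    }
}
```

Because RenewTicketIfOld reissues the ticket only after more than half of the timeout has elapsed, a Fiddler trace with timeout="2" shows no new Set-Cookie header for requests made during the first minute after the ticket was issued.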