如何停止延长Ajax调用的cookie到期时间?
[英]How to stop extending cookie expiration time for ajax calls?
问题描述
I set ExpireTimeSpan to one day ,but i have notification service in the UI that send ajax call each 5 minutes ,so the ajax call will extend the expiration time ,as result of that the system will not logout after period of time if the user is in active ,how could i resolve that 
我将ExpireTimeSpan设置为一天,但是我的UI中有通知服务,该服务每5分钟发送一次ajax调用,因此ajax调用会延长有效期,因此,如果用户是,则系统将在一段时间后不注销在积极,我该如何解决
int expireTime = 1440; //one day
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromMinutes(expireTime),
SlidingExpiration=true,
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
i found this solution for asp.net core : https://medium.com/cacti-pins/conditionally-set-sliding-expiration-time-on-authentication-cookies-in-asp-net-core-e70ffe7da49d but i'm using .net4.5 我找到了用于asp.net核心的解决方案: https : //medium.com/cacti-pins/conditionally-set-sliding-expiration-time-on-authentication-cookies-in-asp-net-core-e70ffe7da49d,但我m使用.net4.5
1 个解决方案
解决方案1
0 2018-08-29 08:49:35
I don't think there is a particularly simple solution to this issue, but there are a couple of avenues you could look at. 对于该问题,我认为没有特别简单的解决方案,但是您可以考虑几种方法。
First of all you could consider using WebSockets for the notification service. 首先,您可以考虑将WebSockets用于通知服务。 In a C# application it would seem sensible to use SignalR . 在C#应用程序中,使用SignalR似乎是明智的。 This will allow you to open a persistent connection between client and server and enable a server push, which should only involve sending the cookie on the initial connection. 这将允许您打开客户端与服务器之间的持久连接并启用服务器推送,这只应包括在初始连接上发送cookie。 Beware that by default SignalR can downgrade to long polling if other options are not supported within the browser which would still suffer from the same issue. 请注意,默认情况下,如果浏览器中不支持其他选项,则SignalR可以降级为长时间轮询,而这仍然会遇到相同的问题。
Alternatively you could look at swapping the ajax call for a javascript fetch() . 另外,您可以考虑将ajax调用换成javascript fetch() 。 This will allow you to omit the cookie when you make a request. 这样,您可以在发出请求时忽略Cookie。 You will however need to generate an alternative Authorization token within your application and manage this. 但是,您将需要在应用程序内生成备用授权令牌并进行管理。 You may also need to move the notification service into its own application so that it is not using the same authentication scheme. 您可能还需要将通知服务移至其自己的应用程序中,以便它不使用相同的身份验证方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.