
How to stop extending cookie expiration time for ajax calls?

I set ExpireTimeSpan to one day, but I have a notification service in the UI that sends an ajax call every 5 minutes, so the ajax call extends the expiration time. As a result, the system will not log out after a period of time if the user is inactive. How could I resolve that?

        int expireTime = 1440; // one day, in minutes

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = TimeSpan.FromMinutes(expireTime),
            // Re-issues the cookie with a fresh expiry when a request arrives
            // more than halfway through the expiration window.
            SlidingExpiration = true,
            Provider = new CookieAuthenticationProvider
            {
                // Re-validates the security stamp every 30 minutes.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });

I found this solution for ASP.NET Core: https://medium.com/cacti-pins/conditionally-set-sliding-expiration-time-on-authentication-cookies-in-asp-net-core-e70ffe7da49d but I'm using .NET 4.5.

I don't think there is a particularly simple solution to this issue, but there are a couple of avenues you could look at.

First of all, you could consider using WebSockets for the notification service. In a C# application it would seem sensible to use SignalR. This will allow you to open a persistent connection between client and server and enable a server push, which should only involve sending the cookie on the initial connection. Beware that by default SignalR can downgrade to long polling if other options are not supported within the browser, which would still suffer from the same issue.

Alternatively, you could look at swapping the ajax call for a JavaScript fetch(). This will allow you to omit the cookie when you make a request. You will, however, need to generate an alternative Authorization token within your application and manage this. You may also need to move the notification service into its own application so that it is not using the same authentication scheme.
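
A sketch of the fetch() approach from the answer above, added here as an illustration and not code from the original question or answer: the poller sends a separate bearer token and sets `credentials: "omit"`, so the authentication cookie is never sent and the sliding expiration is never triggered by background polling. The `/api/notifications` endpoint, the token, and the function names are assumptions.

```javascript
// Added example; NOTIFY_URL and the token are hypothetical placeholders.
const NOTIFY_URL = "/api/notifications";
const POLL_MS = 5 * 60 * 1000; // the question's 5-minute interval

// Build the request so the browser neither sends the auth cookie nor
// stores a refreshed one from the response.
function buildNotificationRequest(token) {
  if (!token) throw new Error("notification token required");
  return {
    url: NOTIFY_URL,
    init: {
      method: "GET",
      credentials: "omit", // no Cookie header sent, Set-Cookie ignored
      cache: "no-store",
      headers: { Authorization: "Bearer " + token, Accept: "application/json" },
    },
  };
}

// One poll. Returns { stop, items }; stop is true when the token is rejected,
// so the poller halts instead of retrying forever after logout.
async function pollOnce(fetchImpl, token) {
  const { url, init } = buildNotificationRequest(token);
  const res = await fetchImpl(url, init);
  if (res.status === 401 || res.status === 403) return { stop: true, items: [] };
  if (!res.ok) return { stop: false, items: [] }; // transient error, retry next tick
  return { stop: false, items: await res.json() };
}

// Start polling; returns a function that cancels the timer.
function startNotificationPolling(fetchImpl, token, onItems, intervalMs = POLL_MS) {
  let timer = null;
  let cancelled = false;
  const tick = async () => {
    let result = { stop: false, items: [] };
    try { result = await pollOnce(fetchImpl, token); } catch (e) { /* network error */ }
    if (cancelled || result.stop) return;
    if (result.items.length) onItems(result.items);
    timer = setTimeout(tick, intervalMs);
  };
  tick();
  return () => { cancelled = true; clearTimeout(timer); };
}
```

In the browser, pass `window.fetch.bind(window)` as `fetchImpl`; the notification endpoint must then authenticate the bearer token itself rather than the application cookie.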
