【问题标题】:How to get forms authentication ticket to respecting cookie expiration date如何获取表单身份验证票以尊重 cookie 到期日期
【发布时间】:2014-03-21 16:07:24
【问题描述】:

我遇到了一个问题,即我的网站登录会话的用户提前到期。

这是我的登录方法”

public ActionResult Login(LoginModel model, string returnUrl)
{
    var mcookie = new MyCompanyCookie();

    if (ModelState.IsValid)
    {
        using (var myRepo = new MyCompanyRepositry())
        {
            var passwordHash = MyCompany.Web.Portal.Helpers.Security.CreatePasswordHash(model.Password);

            var userAccount = myRepo.GetMyCompanyUser(model.UserName,model.PartnerAccessCode);

            if(userAccount != null && userAccount.Password == passwordHash && userAccount.PartnerAccessCode == model.PartnerAccessCode.ToUpper())
            {
                mcookie.GetMMformsauthentication(userAccount, model.RememberMe);


                   return RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "The user name,access code or password provided is incorrect.");
            }


        }

并形成身份验证票:

public void GetMMformsauthentication(UserAccount useraccount, bool createPersistentCookie) { const string UnknownUsername = "匿名";

    // Composing UserData to be stored in the auth cookie
    var userCookieData = new MarvMentUserCookieData()
    {
        UserId = useraccount.UserID,
        Password = useraccount.Password,
        PartnerAccessCode = useraccount.PartnerAccessCode
    };

    var ticket = new FormsAuthenticationTicket(1, string.IsNullOrEmpty(useraccount.UserID) ? UnknownUsername : useraccount.UserID, DateTime.Now,
                                                                     DateTime.Now.AddDays(100), createPersistentCookie, userCookieData.ToString(), FormsAuthentication.FormsCookiePath);
    var hashedCookie = FormsAuthentication.Encrypt(ticket);

    HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashedCookie); // Hashed ticket
    authCookie.HttpOnly = true;
    authCookie.Expires = ticket.Expiration;
    authCookie.Path = ticket.CookiePath;
    authCookie.Secure = false;
    HttpContext.Current.Response.SetCookie(authCookie);
}

}

以及我的 Web.config 中的过期设置

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

在这里您可以看到表单过期设置设置为 2880 分钟,但用户在大约 5-10 分钟后退出。

cookie 设置为 100 天后过期

有没有人知道可能导致此问题的原因?

【问题讨论】:

    标签: asp.net-mvc asp.net-mvc-3


    【解决方案1】:

    看起来问题不在于身份验证标签中的会话。只需检查如果 cookie 内容被评论会发生什么...如果 Session 保留更多时间,则专注于 cookie 内容。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2019-11-27
      • 1970-01-01
      • 1970-01-01
      • 2011-10-27
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多