What is the best practice for SharePoint Cookie management and session management for Forms Based Authentication (FBA)?


Problem description


Can someone please tell me how exactly we should configure different cookie lifetimes and session timeouts for a SharePoint Forms Based authenticated website?

I came across the following lifetimes:

1. LogonTokenCacheExpirationWindow

2. FormsTokenLifetime

3. CookieLifetime

4. CookieLifetimeRefreshWindow

Could you please explain the relation between these values, and how these values affect each other?

Solution

Hi Sumit,

FormsTokenLifetime:

This lifetime has a direct impact on how often the user will need to authenticate. When the user makes a request, the token in the cache is checked and if it is expired, then the user needs to authenticate again.

CookieLifetime:

SharePoint stores the authentication/session (FEDAUTH) cookie as a persistent cookie on disk. This allows the user to close and reopen their browser and access SharePoint without having to re-authenticate. This behavior is not always desirable.

LogonTokenCacheExpirationWindow:

The window value is deducted from the lifetime of a token in the cache when checking if it is expired. This means that the real lifetime of the token will be less than expected. The following diagram can be helpful to understand when a token is valid and the roles the lifetime and window play in the expiration.

CookieLifetimeRefreshWindow is similar to LogonTokenCacheExpirationWindow, which will affect the cookie refresh time interval.

More information:

SharePoint 2013 authentication lifetime settings

SharePoint Authentication and Session Management

Thanks

Best Regards
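
The following is an added example, not part of the original thread: a PowerShell sketch for the SharePoint Management Shell that reviews the four settings named above and applies a FormsTokenLifetime and LogonTokenCacheExpirationWindow pair only after checking that the window is smaller than the lifetime. The 30 and 5 minute values are constructed for illustration, and `UseSessionCookies` is a setting not mentioned in the thread.

```powershell
# Added example: run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Constructed sample values (assumptions, not recommendations from the thread).
$formsLifetime = New-TimeSpan -Minutes 30
$expiryWindow  = New-TimeSpan -Minutes 5

# The window is deducted from the lifetime when the cached token is checked,
# so a window equal to or larger than the lifetime leaves no valid period.
if ($expiryWindow -ge $formsLifetime) {
    throw "LogonTokenCacheExpirationWindow must be smaller than FormsTokenLifetime."
}

$effective = $formsLifetime - $expiryWindow
Write-Host ("Effective token validity: {0} minutes" -f $effective.TotalMinutes)

$sts = Get-SPSecurityTokenServiceConfig

# Record the current values before changing anything.
$sts | Select-Object FormsTokenLifetime, LogonTokenCacheExpirationWindow,
                     CookieLifetime, CookieLifetimeRefreshWindow,
                     UseSessionCookies | Format-List

$sts.FormsTokenLifetime              = $formsLifetime
$sts.LogonTokenCacheExpirationWindow = $expiryWindow

# Not from the thread: issue FEDAUTH as a session cookie instead of a
# persistent cookie on disk, so closing the browser ends the session.
$sts.UseSessionCookies = $true

$sts.Update()
```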
