Cookie身份验证在ASP.NET Core中过早过期 [英] Cookie Authentication expiring too soon in ASP.NET Core

问题描述

我有一个正在使用Cookie身份验证的ASP.NET Core 1.1.2项目.我遇到一个问题，在闲置一个小时或更短的时间后，会提示用户重新登录，并丢失工作.下面的代码是我在Startup.cs的Configure函数中用来设置此代码的代码，据我所知，它至少应在8个小时后过期.顺便说一句，ProjectProcessFlow只是项目的名称.

I have a ASP.NET Core 1.1.2 project in which I am using cookie authentication. I am having a problem where users are being prompted to log back in after being idle for an hour or less, and losing work. The code below is what I'm using in the Configure function in Startup.cs to set this up and from what I can tell, it should expire after at least 8 hours. BTW, ProjectProcessFlow is just the name of the project.

  app.UseCookieAuthentication(new CookieAuthenticationOptions()
  {
    AuthenticationScheme = "ProjectProcessFlow",
    LoginPath = new PathString("/Account/Login/"),       
    ExpireTimeSpan = new TimeSpan(8, 0, 0),
    SlidingExpiration = true,
    AutomaticAuthenticate = true,
    AutomaticChallenge = true
  });

我在NuGet中包含Microsoft.AspNetCore.Authentication.Cookies v1.1.2.我该怎么做才能使登录到期在预期的时间发生?

I am including Microsoft.AspNetCore.Authentication.Cookies v1.1.2 in NuGet. What do I need to do to get the login expiration to happen at the expected time?

其他信息:

我发现，发生超时并要求用户再次登录时，服务器上的事件查看器中记录了一条警告，提示它找不到项目下的日志文件夹.因此，我创建了该文件夹，并等待超时再次发生.发生这种情况时，会在该文件夹中创建一个包含以下内容的日志文件:

I found that when the timeout happened and the user was asked to login again, a warning was recorded in the Event Viewer on the server that it couldn't find the logs folder under the project. So I created that folder, and waited for the timeout to happen again. When that happened, a log file was created in that folder that contained this:

Hosting environment: Production
Content root path: C:\inetpub\wwwroot\Sprout
Now listening on: http://localhost:13423
Application started. Press Ctrl+C to shut down.

当我重复此过程时，发生了同样的事情，除了在"localhost:"之后出现了一个不同的数字.我应该提到项目名称为ProjectProcessFlow，但URL以Sprout结尾.

When I repeated this process, the same thing happened, except that a different number appeared after "localhost:". I should mention that the project name is ProjectProcessFlow, but the URL ends in Sprout.

推荐答案

提示

用户闲置一个小时后重新登录 或更少，并失去工作.

users are being prompted to log back in after being idle for an hour or less, and loosing work.

我有类似的配置，但是对我来说很好.

I have similar configuration, but it works fine for me.

我能想到的一件事是您不能让Web服务器空闲20分钟. IIS的应用程序池默认空闲超时为20分钟 (对于其他Linux网络服务器，我无法说).

One thing I can think of is you cannot let web server idle for 20 minutes. IIS's app pool default idle time-out is 20 minutes (I could not say for other Linux web server).

因此，您可以设置更长的应用程序池超时时间((0表示无穷大))，或者每5分钟从诸如

So you could either set longer app pool time-out (0 for infinity), or ping every 5 minutes from external service like Monitis.

这篇关于Cookie身份验证在ASP.NET Core中过早过期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！