表单身份验证cookie似乎停止工作 [英] Forms Authentication cookie seems to stop working

问题描述

我希望在我的应用程序中具有一些功能，以使用户可以检查自己希望无限期保持登录状态(将Cookie的有效期设置为从现在起3个月).

I want to have functionality on my application that lets a user check off that they wish to stay logged indefinitely (arbitrarily setting the cookie expiration at 3 months from NOW).

我要处理的代码是

private static HttpCookie GetFormsAuthenticationCookie(string userNameResponse, 
                                                        bool persistCookie)
{            
    var cookie = FormsAuthentication.GetAuthCookie(userNameResponse, persistCookie);

    if (persistCookie)
        cookie.Expires = DateTime.Now.AddMonths(3);

    return cookie;
}

private void LoginUser(string userNameResponse, bool PersistCookie)
{
    Response.Cookies.Add(GetFormsAuthenticationCookie(userNameResponse, PersistCookie));

    string navigateAfterUrl = FormsAuthentication.GetRedirectUrl(userNameResponse,
                                                                 PersistCookie);

    Response.Redirect(navigateAfterUrl);
}

但是，稍后在返回站点时，我需要再次登录.我已验证cookie随我的到期日期一起返回，并且未将其设置为会话cookie(也已通过关闭/重新打开浏览器进行了测试，并且cookie仍然存在).我的想法是，与ASP.NET会话期满有关.

However at some point later when I return to the site I need to login again. I have verified that the cookie comes back with my expiration date and that it is not set as a session cookie (also tested with closing/reopening browser and cookie still exists). My one thought is that it has something to do with when ASP.NET expires the session.

我在web.config中有一个特定的机器密钥设置，因此如果IIS重新启动等，同一个cookie不能工作吗?有没有人对导致此问题的原因有任何建议，或者对如何进一步跟踪此问题有任何建议，因为我想不起其他任何事情.

I have a specific machine key setup in my web.config so shouldn't the same cookie work if IIS gets restarted etc? Does anyone have any suggestions on what could either be causing this or atleast on how to trace this further since I can't think of anything else to do.

推荐答案

调用 FormsAuthenticationTicket 是使用超时属性.因此，请确保正确设置它:

When you call the GetAuthCookie method a FormsAuthenticationTicket is created with a timeout given by the Timeout property in web.config. So be sure to set it properly:

<authentication mode="Forms">
  <forms
    loginUrl="/someloginUrl"
    requireSSL="true"
    protection="All"
    // This is the setting you are looking for! (it's in seconds)
    timeout="120"
    domain="example.com"
    slidingExpiration="false"
    name="cookieName" />
</authentication>

一旦票证被加密，它将用作cookie的值.当您设置您的到期属性时cookie到给定值，这表示它将在给定时间段内在客户端计算机上保留.然后，在每个请求上，ASP.NET运行时都将检查cookie的存在，将尝试解密该值并获取票证.接下来，它将使用Timeout属性检查票证是否仍然有效，因此，如果超时时间较小，则无论Cookie是否仍在传输，票证都将不再有效，并且身份验证将失败.

Once the ticket is encrypted it is used as a value for the cookie. When you set the Expires property of your cookie to a given value this indicates that it will be persisted on the client computer for the given period. Then on every request ASP.NET runtime will check the presence of the cookie, will try to decrypt the value and obtain the ticket. Next it will check if the ticket is still valid by using the Timeout property, so if you have a small timeout, no matter that your cookie is still transmitted, the ticket is no longer valid and the authentication will fail.

这篇关于表单身份验证cookie似乎停止工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！