会话超时未过期 [英] Session Timeout not expired
本文介绍了会话超时未过期的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddDistributedMemoryCache();
// session will destroy after idle for 1 minutes
services.AddSession(options => {
options.IdleTimeout = TimeSpan.FromMinutes(1);
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
});
// add authentication
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(
CookieAuthenticationDefaults.AuthenticationScheme,
options =>
{
options.LoginPath = new PathString("/");
options.Cookie.Expiration = TimeSpan.FromMinutes(1);
//options.AccessDeniedPath = new PathString("/auth/denied");
});
services.ConfigureApplicationCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(1);
options.SlidingExpiration = true;
});
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
// add use authentication
app.UseAuthentication();
app.UseSession();
app.UseStatusCodePagesWithRedirects("/Error/{0}");
app.UseStaticHttpContext();
app.UseMvc(routes =>
{
// routes
...
});
}
LoginController.cs
[HttpPost]
[Route("Login")]
public IActionResult Login(LoginModel model)
{
var claims = new List<Claim> {
// create claim
...
};
var userIdentity = new ClaimsIdentity(claims, "SecureLogin");
var userPrincipal = new ClaimsPrincipal(userIdentity);
HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
userPrincipal,
new AuthenticationProperties
{
IssuedUtc = DateTime.UtcNow,
IsPersistent = false,
AllowRefresh = false
});
}
以上是我的代码,用于为我的应用程序设置会话和登录.您可以在 Startup.cs 中看到,我将会话过期时间设置为1分钟.
Above is my code to set a session and login for my application. You can see in Startup.cs, I set session expiry to 1 minutes.
options.IdleTimeout = TimeSpan.FromMinutes(1);
options.Cookie.Expiration = TimeSpan.FromMinutes(1);
但是它不起作用,我从昨天开始就已经登录,但是会话仍然存在并且现在还活着. 有人可以帮我吗?
But its not working, I already login since yesterday but the session still exist and alive now. Can someone help me?
推荐答案
这是我的解决方案.
[HttpPost]
[Route("Login")]
public IActionResult Login(LoginModel model)
{
var claims = new List<Claim> {
// create claim
...
};
var userIdentity = new ClaimsIdentity(claims, "SecureLogin");
var userPrincipal = new ClaimsPrincipal(userIdentity);
HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
userPrincipal,
new AuthenticationProperties
{
IssuedUtc = DateTime.UtcNow,
IsPersistent = false,
ExpiresUtc = DateTime.UtcNow.AddMinutes(1)
});
}
我将以下代码添加到登录控制器.现在,当用户闲置1分钟时,它将自动注销.
I add below code to the login controller. Now when user idle for 1 minutes, it will auto logout.
ExpiresUtc = DateTime.UtcNow.AddMinutes(1)
这篇关于会话超时未过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文