具有身份的ASP.NET Core 2.0中的Cookie到期 [英] Cookie expiry in ASP.NET Core 2.0 with Identity

问题描述

环境:ASP.NET Core 2.0，带有cookie的身份.

Environment: ASP.NET Core 2.0, Identity with cookies.

在Startup.ConfigureServices()中是这样的:

services.ConfigureApplicationCookie(options => {
  options.ExpireTimeSpan = TimeSpan.FromDays(14);
  options.Cookie.Expiration = TimeSpan.FromDays(14);
});

第一个来自CookieAuthenticationOptions.第二个来自CookieBuilder.文档还提到了Microsoft.AspNetCore.Http.CookieOptions.Expires(尽管在该lambda中不可用).

The first is from CookieAuthenticationOptions. The second is from CookieBuilder. The docs also mention Microsoft.AspNetCore.Http.CookieOptions.Expires (though it's not available in that lambda).

两者之间有什么区别?在Core2中设置到期时间的正确方法是什么?

What is the difference between these? What is the correct way to set an expiry time in Core2?

推荐答案

以下是我用来设置我使用的测试应用程序中cookie到期时间的方法.

The following is what I am using to set the expiry for the cookie in a test application that I use.

public class Startup
{
    ...

    // This method gets called by the runtime. Use this method to add services to the container
    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        ...

        ...  // before services.AddMvc();!
        services.AddAuthentication().AddCookie(options => {
            options.Cookie.Expiration = TimeSpan.FromDays(14);
            options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
            options.Cookie.Name = "MyCookieName";
            options.LoginPath = "/Account/Login";
            options.AccessDeniedPath = "/Account/Forbidden";
        });

        // OR Perhaps, this could be what you need
        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Expiration = TimeSpan.FromDays(150);
            options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
            options.Cookie.Name = "MyCookieName";
            options.LoginPath = "/Account/Login";
            options.AccessDeniedPath = "/Account/Forbidden";
        });
        ...
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        ... // before app.UseMvc();!
        app.UseAuthentication();
        // WAS -> app.UseCookieAuthentication();
        ...
    }
    ...
}

我认为这应该使您朝正确的方向前进.

I think this should get you going in the right direction.

这对我有用，而且我还没有发现任何问题.不过，距离Core 2.0 RTM仅几周了. :)

This works for me, and I haven't noticed any issues yet. Although, it's only been a couple of weeks since the Core 2.0 RTM. :)

希望这会有所帮助.

这篇关于具有身份的ASP.NET Core 2.0中的Cookie到期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！