ASP.NET MVC +窗体身份验证+ AJAX：轮询操作，无需重新身份验证票证过期 [英] ASP.NET MVC + Forms Authentication + AJAX: Polling action without resetting auth ticket expiration

问题描述

有没有一种方法来标记一个控制器动作为不是重置窗体身份验证票证的滑动过期？我想查询使用AJAX每x秒对新信息的服务器，但将有效prevent用户会话从以往到期。

Is there a way to mark a Controller Action to not reset the Forms Authentication ticket sliding expiration? I want to poll the server every x seconds for new info using ajax but that will effectively prevent the user session from ever expiring.

推荐答案

在code表示续订票出炉的 FormsAuthenticationModule 的类被密封，这是不可能修改该行为。这是由<一条done href="http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.renewticketifold.aspx"相对=nofollow> RenewTicketIfOld 方法。反正<一href="http://www.developerfusion.com/article/6745/top-10-application-security-vulnerabilities-in-webconfig-files-part-two/4/"相对=nofollow>启用slidingExpiration 被认为是为您的网站的安全漏洞。

The code that renews the ticket is baked inside the FormsAuthenticationModule class which is sealed and it is not possible to modify this behavior. This is done by the RenewTicketIfOld method. Anyway enabling slidingExpiration is considered a security vulnerability for your site.

这篇关于ASP.NET MVC +窗体身份验证+ AJAX：轮询操作，无需重新身份验证票证过期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！