身份验证会话在ASP.NET MVC上过期 [英] Authentication session expires on ASP.NET MVC
问题描述
我想将用户登录到ASP.NET MVC站点,并且该会话很快会在数分钟内到期. 身份验证在一行代码中完成:
I want to log a user into an ASP.NET MVC site, and the session expires very quickly, in minutes. Authentication is done in one line of code:
authProvider.Authenticate(model.UserName, model.Password)
然后我在Web.config中拥有:
Then I have in Web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" name=".ASPXAUTH" timeout="300" slidingExpiration="true">
和服务器上IIS上的设置持续300分钟.
and the setting on the IIS on the server for 300 minutes.
出什么问题了?
推荐答案
确保您拥有与forms timeout
相匹配的sessionState timeout
值:
Make sure you have a sessionState timeout
value that matches your forms timeout
:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name=".ASPXAUTH"
timeout="300"
slidingExpiration="true" />
</authentication>
<sessionState timeout="300" mode="InProc" />
</system.web>
您还需要将应用程序池的Idle Time-out
参数更改为所需的身份验证超时,以避免应用程序池太早回收,从而丢失会话.
You also need to change the Idle Time-out
parameter of your Application Pool to the desired authentification timeout to avoid the Application Pool to recycle too soon and therefore lose your sessions.
此参数可以在以下位置找到:
This parameter can be found in:
IIS-应用程序池-有关应用程序池的高级设置.
IIS - Application Pools - Advanced Settings of the Application Pool in question.
参考文献:
- Configure Idle Time-out Settings for an Application Pool
- IIS7 Application Pool Idle Time-out Settings
如果您不想更改此参数(*),一种解决方案是使用会话状态的StateServer
模式.此模式使用服务来存储会话,而不是使用In-Process
模式存储内存.它具有在回收应用程序池时不会丢失会话的优点.配置起来也很容易:
If you don't want to change this parameter(*), a solution is to use the StateServer
mode of the Session State. This mode uses a service to store the session instead of the memory with In-Process
mode. It has the advantage of not losing the session when the Application Pool is recycled. It's also very easy to configure:
<system.web>
<sessionState mode="StateServer"
stateConnectionString="tcpip=loopback:42424"
cookieless="false"
timeout="300" />
</system.web>
(*)5分钟非常短.默认值为20分钟.因此,如果使用StateServer
模式,我建议将其至少设置为默认值.
(*) 5 minutes is very low. The default is 20 minutes. So I advice to set it to at least the default value if using the StateServer
mode.
参考:
这篇关于身份验证会话在ASP.NET MVC上过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!