表单身份验证Cookie不会过期 [英] Forms Authentication cookie not expiring

问题描述

我正在尝试为MVC站点实施非常基本的Asp.net表单身份验证机制.我遇到的问题是，我的身份验证Cookie设置为在一年后过期，而我不希望它在这么长的时间后过期.这是我的一些代码:

I am trying to implement a very basic Asp.net forms authentication mechanism for a MVC site. The problem I am getting is that my authentication cookie is being set to expire after one year whereas I don't want it to expire after such a long time. Here is some of my code:

web.config

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2" />
</authentication>

控制器

...
FormsAuthentication.SetAuthCookie(username, false);
...

我已经找到了这个答案(这个问题很相似，但就我而言从未发生超时)，但这是唯一的使cookie过期的方法还是我在这里做错了什么?

I have found this answer (this question is similar but in my case timeout never occurs) but is this the only way to make the cookie expire or am I doing something wrong here?

当我查看cookie时，它设置为在一年后过期，即使它应该在几分钟后过期，为什么?

When I view the cookie it is set to expire after one year even though it should expire after a couple of minutes, why?

我想要的是某种方式用户会在一段时间后退出，并且我认为在forms标记中设置过期会完成这项工作吗?

What I want is somehow the user gets logged out after some time and I thought setting expiration in forms tag would do the job?

推荐答案

找到解决方案后，将近一个月，查看了100次，没有任何答案.

Almost a month, 100 views and no answers after I have found a solution.

首先，web.config中指定的超时仅在将cookie设置为持久性时才有效，即持久性cookie也可能过期.最初，我错误地认为持久性cookie不会过期.实际上，如果我始终将cookie设置为持久化，那么我的原始代码就可以工作.

First, the timeout specified in the web.config works only when the cookie is set as persistent i.e. a persistent cookie can also expire. Initially I wrongly assumed that a persistent cookie can not expire. In fact, my original code would have worked if I had always set the cookie to persistent.

第二，我认为不需要会员提供者按照上面的评论中的建议进行表单身份验证.

Secondly, I believe there is no need for a membership provider to make Forms Authentication work as suggested in the comments above.

这是我现在创建身份验证cookie的方式:

Here is how I now create a Authentication cookie:

HttpCookie authCookie = FormsAuthentication.GetAuthCookie(username, isPersistent);
if (!isPersistent)
{
    //this is because if it was not set then it got 
    //automatically set to expire next year even if 
    //the cookie was not set as persistent
    authCookie.Expires = DateTime.Now.AddMinutes(15);
}

Response.Cookies.Add(authCookie); 

请告知我是否还有其他替代方法?

Please let me know if there is any alternate to this?

这篇关于表单身份验证Cookie不会过期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！