FormsAuthenticationTicket过期太早 [英] FormsAuthenticationTicket expires too soon

问题描述

这是登录成功后调用的我的函数. (我对FormAuthentication还是很陌生的)

This is my function that is called when a login is successful. (I am very new to this FormAuthentication thing)

public static void CreateLoginCookie(User u)
{
  FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(u.Id.ToString(), true, 9*60);
  string encryptedTicket = FormsAuthentication.Encrypt(ticket);
  HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { Expires = DateTime.Now.AddHours(9) };
  HttpContext.Current.Response.Cookies.Add(cookie);
}

在web.config中，我有

In the web.config I have

<authentication mode="Forms">
  <forms loginUrl="~/Default/Login" timeout="540" />
</authentication>

我希望用户保持登录状态9个小时，但是它不起作用.他们在一两个小时后就注销了.

I want the user stay logged in for 9 hours, but it doesn't work. They get logged out after an hour or two.

有人可以告诉我我在想什么吗?

Could someone tell me what I am missing?

推荐答案

它可能是由于应用程序池回收而发生的.

It may happen because of Application Pool recycling.

身份验证cookie用机器密钥加密. 似乎默认情况下，这些计算机密钥是在每次应用程序池重新启动时生成的. 然后，您的应用程序闲置了一段时间(在应用程序池设置中配置)，您的应用程序池将被回收.

Authentication cookie is encrypted with machine keys. It seems that by default these machine keys are generated at each application pool restart. Then your application is idle for some time(configured in application pool settings) your application pool is recycled.

因此，您需要生成静态机器密钥.

So you need to generate static machine keys.

这个问题与您有关: FormsAuthenticationTicket可以在应用程序池回收中幸存吗?

This question is related to yours: Can a FormsAuthenticationTicket survive an app pool recycle?

这篇关于FormsAuthenticationTicket过期太早的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！