ASP.NET Core Identity 3 Cookie超时 [英] ASP.NET Core Identity 3 Cookie timeout
问题描述
RC2发生了一个奇怪的问题.
I have a weird issue happening with RC2.
我使用以下配置选项将Identity 3 ExpireTimeSpan设置为12小时
I have setup Identity 3 ExpireTimeSpan to 12 hours using the following configuration option
options.Cookies.ApplicationCookie.ExpireTimeSpan = new TimeSpan(12,0,0);
登录该网站并使其停留约35-40分钟后,我收到401错误(用于我的ajax帖子调用),并刷新了网站,然后返回登录页面.
After logging in to the website and leaving it untouched for ~35-40mins, I get a 401 error (for my ajax post calls) and refreshing the website, I get back to the login page.
为什么将ExpireTimeSpan设置为12小时,我必须重新进行身份验证?
Why do I have to reauthenticate when I have setup the ExpireTimeSpan to 12hours?
我还需要其他设置或配置吗?
Is there another setting or configuration that I need?
还
我如何获得到期前的剩余时间?我想访问该信息,以便警告用户,他们的会话将在X时间后过期.
How can I get the time left before the expiry occurs? I would like to access that information so I could warn my users that their session will expire after X time.
谢谢!
推荐答案
我发现了问题
问题在于SecurityStamp机制. 默认情况下,每30分钟验证一次安全标记.这主要是因为可以选择在任何地方登录. 例如,当用户更改密码时,通常会以身份更新安全标记. 这将使用户登录的所有位置(除了他更改了密码的位置)在30分钟后退出,因为图章(通常是GUID)已更改.
The problem lies with the SecurityStamp mechanism. By default, every 30 minutes, the security stamp is validated. This mostly due to the fact that sign in everywhere is an option. The security stamp is updated usually in identity when the user changes password for instance. This will make all the locations where the user has signed on (except the one where he changed his password) sign out after 30mins because the stamp (usually a guid) has changed.
要实现此功能,请在UserStore中实现ISecurityStampStore<T>接口并实现GetSecurityStampAsync(User user, CancellationToken cancellationToken)方法
To implement this functionality, Implement the ISecurityStampStore<T> interface in your UserStore and implement the GetSecurityStampAsync(User user, CancellationToken cancellationToken) method
有关更多信息,您可以检查安全标记验证程序代码以及30分钟后退出系统的原因
For more info you can check the security stamp validator code and the reason why it signs you out after 30mins
注意: 可以将options.SecurityStampValidationInterval设置为增加时间检查,但不能解决问题. X时间过后,您仍然会退出.
Note: The options.SecurityStampValidationInterval can be set to increase the time check, but it doesn't resolve the problem. After X time, you will still be signed out.
这篇关于ASP.NET Core Identity 3 Cookie超时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
