会话退出时间过早 [英] Session logged out too soon
问题描述
我将ASP.NET Core 2.1与Microsoft Identity一起使用,并且用户抱怨仅在闲置约30分钟后,他们仍不断重定向到登录屏幕.我已经在ExpireTimeSpan中设置了60分钟,但它永远不会持续那么长时间.有什么建议吗?
I'm using ASP.NET Core 2.1 with Microsoft Identity and users are complaining that they keep getting redirected to the login screen after only around 30 minutes of inactivity. I've set it up with 60 minutes in the ExpireTimeSpan, but it's never lasting anywhere near that long. Any suggestions?
这是Startup.cs文件中的内容:
This is what I have in the Startup.cs file:
public void ConfigureServices(IServiceCollection services)
{
services.AddScoped<IRFDbRepository, RFDbRepository>();
var connection = _configuration.GetConnectionString("RFDbConnection");
services.Configure<ConnectionStrings>(_configuration.GetSection("ConnectionStrings"));
services.AddDbContext<IdentityDbContext>(options => options.UseSqlServer(connection));
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1).AddRazorPagesOptions(options =>
{
options.AllowAreas = true;
options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
});
services.AddIdentity<User, UserRole>().AddDefaultTokenProviders();
services.AddTransient<IUserStore<User>, UserStore>();
services.AddTransient<IRoleStore<UserRole>, RoleStore>();
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = "/Identity/Account/Login";
options.LogoutPath = "/Identity/Account/Logout";
options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
options.SlidingExpiration = true;
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IRFDbRepository rFDbRepository)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
loggerFactory.AddFile(_configuration.GetValue<string>("Logging:LogFile"));
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
routes.MapRoute(
name: "ActionApi",
template: "api/{controller}/{action}/{id?}");
});
}
推荐答案
我终于找到了这个问题的根源.
I've finally found the root of this problem.
ASP.NET Core 2.1中的身份存在问题,如果您实现了自己的UserStore版本,但没有实现IUserSecurityStampStore,则将跳过大多数与安全戳有关的功能.
There is an issue with Identity in ASP.NET Core 2.1 whereby if you have implemented your own version of the UserStore but not IUserSecurityStampStore, most functionality regarding security stamps will be skipped.
调用AddIdentity()时,它每30分钟会对securityStamp进行一次验证检查.
When you call AddIdentity() it does a validation check on the securityStamp every 30 minutes.
这会导致令人困惑的行为,即用户在30分钟后注销,即使cookie没有过期也是如此.
This results in the confusing behaviour that the user is logged out after 30 minutes, even though the cookies did not expire.
ASP.NET Core 2.2中显然有针对此问题的修复程序,更多详细信息在这里
There is a fix for this coming in ASP.NET Core 2.2 apparently, further details here
https://github.com/aspnet/Identity/issues/1880
同时,您可以通过将其添加到startup.cs中,来将UserStore实施IUserSecurityStampStore实施为我的快速修复,或者将我现在做为快速修复的操作(此操作将故障之间的时间从30分钟增加到10小时).
In the meantime, you can either get your UserStore to implement IUserSecurityStampStore, or do what I did as a quick fix for now, by adding this to your startup.cs which increases the time between failures from 30 minutes to 10 hours.
services.Configure(o => o.ValidationInterval = TimeSpan.FromHours(10));
services.Configure(o => o.ValidationInterval = TimeSpan.FromHours(10));
这篇关于会话退出时间过早的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
