IdentityServer会话cookie不会滑动 [英] IdentityServer Session cookie is not sliding

问题描述

我面临一个奇怪的问题.我可以进行无提示续订，但是我的IdP cookie正在滑动. 问题更多...

I am facing a weird problem. I am able to do the silent renew, but my IdP cookie is getting sliding. More into the problem...

我将IdP会话Cookie(IdentityServer)的生存时间设置为在15分钟内过期，并且我也为访问令牌和ID令牌的生存时间设置了相同的时间.

I have an IdP session cookie (IdentityServer) lifetime set to expire in 15 minutes and I kept the same time for the access token and id token lifetime too.

在我的JavaScript客户端上，我每2分钟检查一次用户活动，如果最近2分钟有活动，我将续签令牌.

On my JavaScript client, I check user activity every 2 minutes and if there is activity in the last 2 min, I will renew the token.

我能够获得具有更新的过期时间的访问令牌和id令牌，但是15分钟(IdP cookie生存时间)过后，静默续订调用失败，IdP正在注销.
我检查了静默响应重新调用，我发现响应头中没有设置cookie(具有新的滑动到期时间).

I am able to get the access token and id token with renewed expiration times, but after 15 minutes (the IdP cookie life time) silent renew calls are failing and IdP is logging out.
I checked response of silent renew call, I see no cookies being set (with new sliding expiration times) in the response headers.

我应该在服务器端启用任何设置吗?感谢您的帮助.

Are there any settings I am supposed to enable at the server side? Appreciate your help.

推荐答案

正如@mackie在评论中提到的那样，该cookie仅在其过期一半时才会滑动……这与Identity Server无关，但是.NET框架

As @mackie mentioned in the comments, the cookie will slide only if it's past half way to expiry... and this has nothing to do with Identity Server, but .NET framework

我能够通过以下方法克服它:

I was able to overcome it by doing this:

public class CustomCookieOptions : IConfigureNamedOptions<CookieAuthenticationOptions>
{
    private readonly AppConfiguration _appConfiguration;
    private const string UTC_DATE_TIME_FORMAT = "r";
    private const string EXPIRES_KEY = ".expires";

    public CustomCookieOptions(IOptions<AppConfiguration> appConfiguration)
    {
        _appConfiguration = appConfiguration.Value;
    }

    public void Configure(CookieAuthenticationOptions options)
    {
    }

    public void Configure(string name, CookieAuthenticationOptions options)
    {
        options.Events.OnValidatePrincipal = context =>
        {
            if (context.Principal.Identity.IsAuthenticated &&
                options.Cookie.Name == IdentityServerConstants.DefaultCookieAuthenticationScheme)
            {
                if (context.Properties.Items.ContainsKey(EXPIRES_KEY)
                    && context.Request.Path.Value.StartsWith("/connect/authorize"))
                {
                    var expiresAt = DateTimeOffset.Parse(context.Properties.Items[EXPIRES_KEY]);
                    if (DateTimeOffset.UtcNow <= expiresAt)
                    {
                        context.ShouldRenew = true;
                        context.Properties.Items[EXPIRES_KEY] =
                            DateTimeOffset.UtcNow.AddSeconds(_appConfiguration.CookieLifetimeInSeconds)
                                .ToString(UTC_DATE_TIME_FORMAT, CultureInfo.InvariantCulture);
                    }
                }
            }
            return Task.CompletedTask;
        };
    }

然后注册:

services.AddSingleton<IConfigureOptions<CookieAuthenticationOptions>, CustomCookieOptions>();

这篇关于IdentityServer会话cookie不会滑动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！