Cookie不会因StartUp.cs设置而过期 [英] Cookie not expiring per StartUp.cs settings
问题描述
在2天的时间里,我尝试了许多解决方案,但仍然无法使它起作用.我想要的是让用户Cookie在设定的时间后过期
例如用户A登录并进入主页,用户A午休.用户A返回并单击导航栏,然后将其重定向到登录页面.
I have tried a plethora of solutions over the course of 2 days and still have not been able to get this to work. What I want is for a user cookie to expire after a set amount of time
E.g. User A logs in and goes to home page, User A goes for a lunch break. User A comes back and clicks on the nav bar and gets redirected to the login page.
我尝试了AddAuthentication()
,AddSession()
和AddCookie()
选项中的所有选项,所有选项均具有ExpireTimeSpan
和Cookie.Expiration
.似乎没有任何作用.该项目使用 ASP.NET身份,我知道应该在cookie选项之前调用此服务.请在下面查看我当前的StartUp.cs
,这是我尝试的最后一件事:
I have tried everything from AddAuthentication()
, AddSession()
and AddCookie()
options all having an ExpireTimeSpan
and Cookie.Expiration
of my choosing. Nothing seems to work. The project uses ASP.NET Identity and I am aware this service should be called before the cookie options. Please see my current StartUp.cs
below, this is the last thing i tried:
public class Startup
{
public IConfiguration Configuration { get; }
public IContainer ApplicationContainer { get; private set; }
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IServiceProvider ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddIdentity<ApplicationUser, IdentityRole>(config =>
{
config.SignIn.RequireConfirmedEmail = true;
})
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
//other services e.g. interfaces etc.
services.AddAuthentication().AddCookie(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.Expiration = TimeSpan.FromSeconds(60);
options.LoginPath = "/Account/Login";
options.LogoutPath = "/Account/Logout";
options.AccessDeniedPath = "/AccessDenied";
options.ExpireTimeSpan = TimeSpan.FromSeconds(5);
options.SlidingExpiration = true;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
//services.AddSession();
var containerBuilder = new ContainerBuilder();
containerBuilder.Populate(services);
this.ApplicationContainer = containerBuilder.Build();
var serviceProvider = new AutofacServiceProvider(this.ApplicationContainer);
return serviceProvider;
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.ConfigureCustomExceptionMiddleware();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
//app.UseSession();
app.UseMvc();
}
}
推荐答案
以下代码不会影响Identity cookie:
The following code isn't affecting the Identity cookie:
services.AddAuthentication().AddCookie(options => ...);
相反,它添加了一个名为Cookies
的新的基于cookie的身份验证方案,并配置了 that .在所有标准的Identity设置中,此方案都未使用,因此对其配置的任何更改都将无效.
Instead, it's adding a new cookie-based authentication scheme, named Cookies
, and configuring that. With all the standard Identity setup, this scheme is unused, so any changes to its configuration will have no effect.
Identity使用的主要身份验证方案名为Identity.Application
,并在您的示例中注册在AddIdentity<TUser, TRole>
方法内部.可以使用 ConfigureApplicationCookie
.这是一个示例:
The primary authentication scheme used by Identity is named Identity.Application
and is registered inside of the AddIdentity<TUser, TRole>
method in your example. This can be configured using ConfigureApplicationCookie
. Here's an example:
services.ConfigureApplicationCookie(options => ...);
设置适当的位置后,cookie选项将受到预期的影响,但是要设置具有非会话生存期的cookie,您还需要在对true
="https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.signinmanager-1.passwordsigninasync?view=aspnetcore-2.2#Microsoft_AspNetCore_Identity_SignInManager_1_PasswordSignInAsync_System_String_System_String_System_String_System_Boolean_System_Boolean_" rel ="nofollow no .这是一个示例:
With that in place, the cookie options will be affected as intended, but in order to set a cookie with a non-session lifetime, you also need to set isPersistent
to true
inside your call to PasswordSignInAsync
. Here's an example:
await signInManager.PasswordSignInAsync(
someUser, somePassword, isPersistent: true, lockoutOnFailure: someBool);
这篇关于Cookie不会因StartUp.cs设置而过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!