用户使用“记住我"注销 [英] User gets logged out with 'Remember me'

问题描述

我似乎很难理解Identity 2.0和cookie的工作方式. ASP.NET MVC 5.

I seem to have some trouble understanding the way Identity 2.0 and cookies work. ASP.NET MVC 5.

我想要什么: 如果用户登录并且他选中了记住我"复选框，则我不希望他退出.但是发生的是:用户在特定时间段后退出.

What I want: If a user logs in and he checks the checkbox 'Remember me', I don't want him to be logged out ever.. But what happens is: the user gets logged out after a certain timespan.

如果用户在时间跨度之前关闭浏览器，则记住我"功能将起作用. (当他重新打开网站时，他仍处于登录状态.)

The 'Remember me' functionality works if the user closes the browser before the timespan. (When he reopens the website, he's still logged in.)

这是我用于登录的代码:

This is the code I have for signing in:

 public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
 {
      if (!ModelState.IsValid)
      {
           return View(model);
      }

      // Require the user to have confirmed their email before they can log on.
      var user = await UserManager.FindByNameAsync(model.Email);
      if (user != null)
      {
           if (!await UserManager.IsEmailConfirmedAsync(user.Id))
           {
                await SendEmailConfirmationTokenAsync(user.Id);

                ModelState.AddModelError("", "Gelieve eerst je e-mailadres te bevestigen.");
                return View(model);
            }
      }

      // This doesn't count login failures towards account lockout
      // To enable password failures to trigger account lockout, change to shouldLockout: true
      var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);
      switch (result)
      {
           case SignInStatus.Success:
                return RedirectToLocal(returnUrl);
           case SignInStatus.LockedOut:
                return View("Lockout");
           case SignInStatus.Failure:
           default:
                ModelState.AddModelError("", "Ongeldige aanmeldpoging.");
                return View(model);
      }
 }

这是Startup.Auth中的代码:

And this is the code in Startup.Auth:

 app.UseCookieAuthentication(new CookieAuthenticationOptions
 {
      AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
      LoginPath = new PathString("/Account/Login"),
      ExpireTimeSpan = TimeSpan.FromMinutes(5),
      Provider = new CookieAuthenticationProvider
      {
           // Enables the application to validate the security stamp when the user logs in.
           // This is a security feature which is used when you change a password or add an external login to your account.

           OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>(
                validateInterval: TimeSpan.FromMinutes(10),
                regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                getUserIdCallback: (id) => (id.GetUserId<int>()))
      }
 });

因此，我希望用户在5分钟后不会注销，因为在PasswordSignInAsync函数中设置了isPersistent标志.

So I would expect the user to not be logged out after 5 minutes, because the isPersistent flag is set in the PasswordSignInAsync function.

感谢您的帮助.

推荐答案

这是已知 错误.

可以通过使用您自己的代码替换SecurityStampValidator.OnValidateIdentity来解决此问题-重新生成Cookie时，它会忘记在新Cookie中添加"RememberMe"属性，这会使新Cookie不再持久.

It can be fixed by replacing SecurityStampValidator.OnValidateIdentity with your own code - when the cookie is re-generated, it forgets to add "RememberMe" property in the new cookie and this makes the new cookie not persistent.

我认为此问题已在v2.2中解决，但此版本尚未投入生产.遗憾的是，现在我找不到原始的错误报告.

I think this has been resolved in v2.2, but this version is not out for production yet. And sadly I can't find the original bug-report for this now.

这篇关于用户使用“记住我"注销的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！