用户使用“记住我"注销 [英] User gets logged out with 'Remember me'
问题描述
我似乎很难理解Identity 2.0和cookie的工作方式. ASP.NET MVC 5.
I seem to have some trouble understanding the way Identity 2.0 and cookies work. ASP.NET MVC 5.
我想要什么: 如果用户登录并且他选中了记住我"复选框,则我不希望他退出.但是发生的是:用户在特定时间段后退出.
What I want: If a user logs in and he checks the checkbox 'Remember me', I don't want him to be logged out ever.. But what happens is: the user gets logged out after a certain timespan.
如果用户在时间跨度之前关闭浏览器,则记住我"功能将起作用. (当他重新打开网站时,他仍处于登录状态.)
The 'Remember me' functionality works if the user closes the browser before the timespan. (When he reopens the website, he's still logged in.)
这是我用于登录的代码:
This is the code I have for signing in:
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
// Require the user to have confirmed their email before they can log on.
var user = await UserManager.FindByNameAsync(model.Email);
if (user != null)
{
if (!await UserManager.IsEmailConfirmedAsync(user.Id))
{
await SendEmailConfirmationTokenAsync(user.Id);
ModelState.AddModelError("", "Gelieve eerst je e-mailadres te bevestigen.");
return View(model);
}
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Ongeldige aanmeldpoging.");
return View(model);
}
}
这是Startup.Auth中的代码:
And this is the code in Startup.Auth:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromMinutes(5),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>(
validateInterval: TimeSpan.FromMinutes(10),
regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
getUserIdCallback: (id) => (id.GetUserId<int>()))
}
});
因此,我希望用户在5分钟后不会注销,因为在PasswordSignInAsync函数中设置了isPersistent标志.
So I would expect the user to not be logged out after 5 minutes, because the isPersistent flag is set in the PasswordSignInAsync function.
感谢您的帮助.
推荐答案
可以通过使用您自己的代码替换SecurityStampValidator.OnValidateIdentity
来解决此问题-重新生成Cookie时,它会忘记在新Cookie中添加"RememberMe"属性,这会使新Cookie不再持久.
It can be fixed by replacing SecurityStampValidator.OnValidateIdentity
with your own code - when the cookie is re-generated, it forgets to add "RememberMe" property in the new cookie and this makes the new cookie not persistent.
我认为此问题已在v2.2中解决,但此版本尚未投入生产.遗憾的是,现在我找不到原始的错误报告.
I think this has been resolved in v2.2, but this version is not out for production yet. And sadly I can't find the original bug-report for this now.
这篇关于用户使用“记住我"注销的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!