窗体身份验证超时VS的sessionState超时 [英] Forms authentication timeout vs sessionState timeout

问题描述

我有code是我期待通过网站关于会话超时。在web.config中我遇到了这个code。

I have code that i am looking through regarding session time outs of the website. In the web.config i came across this code.

 <authentication mode="Forms">
  <forms loginUrl="~/Auth/SignOn.aspx" timeout="40" slidingExpiration="true" />
</authentication>

<sessionState timeout="30" />

有谁知道如果以precedent比其他，以及​​它们是如何不同。谢谢你。

Does anyone know if one takes precedent over the other, and how they are different. Thanks.

推荐答案

他们是不同的东西。窗体身份验证超时值设置的时间量以分钟为身份验证Cookie设置为有效，这意味着，这后几分钟的值号，cookie将到期，用户将不再被验证 - 他将被重定向到登录页面自动调整广告。在 slidingExpiration = TRUE 值基本上是说，每一个请求提出后，计时器将复位，只要用户做出的超时值内的要求，他将继续验证。如果设置 slidingExpiration = FALSE 身份验证Cookie后，将到期值分钟数，无论用户是否发出请求超时值内或不

They are different things. The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid, meaning, that after value number of minutes, the cookie will expire and the user will no longer be authenticated -he will be redirected to the login page automatically-. The slidingExpiration=true value is basically saying that after every request made, the timer is reset and as long as the user makes a request within the timeout value, he will continue to be authenticated. If you set slidingExpiration=false the authentication cookie will expire after value number of minutes regardless of whether the user makes a request within the timeout value or not.

的 SessionState会超时值设置的保存在内存中的数据会话状态提供者所需要的时间（或正在使用的任何后备存储，SQL服务器，OutOfProc，等）用于特定的会话。例如，如果您使用您的值，例如把一个物体在会议上，这一数据将在30分钟后取出。用户仍然可以认证但在会话中的数据可能不再是present。在会话超时值始终为每个请求后复位。

The SessionState timeout value sets the amount of time a Session State provider is required to hold data in memory (or whatever backing store is being used, SQL Server, OutOfProc, etc) for a particular session. For example, if you put an object in Session using the value in your example, this data will be removed after 30 minutes. The user may still be authenticated but the data in Session may no longer be present. The Session Timeout value is always reset after every request.

这篇关于窗体身份验证超时VS的sessionState超时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！