什么会导致asp.net应用程序忘记用户？ [英] What could cause an asp.net application to forget a user?

问题描述

我有一个asp.net应用程序，这似乎忘记了用户在一段时间后登录。

I've got an asp.net application which seems to forget that a user is logged in after a while.

我使用的成员资格提供程序时选择记住在日志中它在会议期间记得它。我甚至可以关闭浏览器，重新启动和回来，它仍然在被记录。但是，一段时间后也很难忘记，它似乎在任何旧的时间去做。我一度被登录，当我去到一个新的页面有人退出。

I'm using the membership provider and when opt to "remember" the log in it remembers it during the session. I can even close the browser, restart and come back and it will still be logged in. But after a while it forgets and it seems to do it at any old time. I've once been logged in and when I went to a new page it was logged out.

其他奇怪的事情是：

1. 在我的机器它会记住在日志中，直到永远。重新启动IIS和重新编译即使它会记住我的登录预期。


2. 我有在同一服务器上其他应用程序，它永远记住登录。我比较了他们如何处理登录，他们似乎是相同的。

这使我相信，这个问题事做，在没有直接关系的登录名和会员code中的应用程序的服务器或者什么的。我可以看看是什么在哪里？

This leads me to believe that the issue has something to do with the server or perhaps something in the application not directly related to the login and membership code. What could I look at?

编辑：
抬眼使用招cookie的，他们似乎是好的。
今天创造了一个验证cookie过期从现在开始2周，这是我的配置是如何设置的：
到期=周一，06月2010年1点47分51秒GMT

Looked up the cookie using Fiddler and they seem to be ok. An Authentication cookie created today expires 2 weeks from now, which is how my config is set up: expires=Mon, 06-Sep-2010 01:47:51 GMT

编辑：
这个问题似乎是，应用程序池回收和身份验证cookie变得无效，因为它可以为机器密钥已经改变不再被读出。解决的办法是一个细分的machineKey添加到Web.config并提供一个静态的计算机密钥。

The problem seems to be that the app pool is recycling and the authentication cookie becomes invalid because it can no longer be read as the machine key has changed. The solution was to add a machineKey segment to the web.config and supply a static machine key.

推荐答案

有两个主要的可能性。

1. 曲奇到期。如果cookie到期/消失，然后你被认为是退出。

1. Cookie expiration. If the cookie expires / goes away, then you are considered logged out.

Cookie的失效。登录的Cookie是基于将machineKey值加密。如果没有指定的machineKey，一个新的每一个应用程序池启动时再生（或回收）。这意味着，与老的machineKey加密的登录cookie现在是无效的，你就不会被认为是记录。

Cookie invalidation. Login cookies are encrypted based on the machineKey value. If you do not specify a machineKey, a new one is regenerated each time the application pool starts up (or is recycled). That means that any login cookie encrypted with the old machineKey is now invalid, and you will not be considered logged in.

请检查循环设置是什么在IIS应用程序池，看看是否与你没有被登录的时间相对应。

Check to see what the recycle settings are on your application pool in IIS and see if that corresponds with the timing of you not being logged in.

这篇关于什么会导致asp.net应用程序忘记用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！