持续的身份验证令牌过期 [英] Persistent Auth Token Expires
问题描述
我必须使用窗体身份验证的ASP.NET MVC应用程序。在此处,我创建了身份验证令牌的code线:
I have an ASP.NET MVC application using forms authentication. Here's the line of code where I create the auth token:
FormsAuthentication.SetAuthCookie(username, true);
我的web.config包括:
My web.config contains:
<system.web>
<machineKey validationKey="{unique key}" decryptionKey="{unique key}" validation="SHA1" decryption="AES" />
<authentication mode="Forms">
<forms loginUrl="~/account/" timeout="2880" />
</authentication>
...
</system.web>
<location path="my">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
尽管为持久性cookie的参数被设置为true,我的用户后得到的闲置几天退出。
Despite the parameter for the persistent cookie being set to true, my users get logged out after a few days of inactivity.
该应用程序部署到AppHarbor,但我经历了相同的行为,当它在专用服务器上托管。
The app is deployed to AppHarbor, but I experienced the same behavior when it was hosted on a dedicated server.
我在想什么,会导致用户获得零星注销?
What am I missing that would cause users to get logged out sporadically?
推荐答案
您超时设置2880分钟,这48个小时?
Your timeout is set to 2880 minutes, which is 48 hours?
超时用于指定窗体身份验证会话寿命有限。默认值是30分钟。如果一个持久的窗体身份验证cookie发出后,timeout属性还用于设置持久Cookie的生存期。
timeout is used to specify a limited lifetime for the forms authentication session. The default value is 30 minutes. If a persistent forms authentication cookie is issued, the timeout attribute is also used to set the lifetime of the persistent cookie.
http://msdn.microsoft.com/en-us/library/ ff647070.aspx
这篇关于持续的身份验证令牌过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!