为什么 cookie ExpireTimeSpan 设置不起作用? [英] Why doesn't cookie ExpireTimeSpan setting work?

问题描述

我用过:

services.AddAuthenticationCore().ConfigureApplicationCookie(o =>{o.ExpireTimeSpan = TimeSpan.FromHours(1);o.SlidingExpiration = true;});

在 ASP.NET Core MVC 项目的 Startup.cs 中设置我的身份验证 cookie ExpireTimeSpan.

我可以看到登录后在 Web 浏览器中正确设置了 cookie 过期时间，但每次 30 分钟后都会自动注销，即使我每 10 秒刷新一次网站.

如果我设置ExpireTimeSpan小于30分钟，它可以正确超时，但不能刷新expire-time.

为什么是 30 分钟?在哪里可以更改 30 分钟超时设置?还是IIS里设置的?

解决方案

为什么是 30 分钟?

这是 ASP.NET Core Identity 的默认设置.

<块引用>

在哪里可以更改 30 分钟超时设置?还是IIS里设置的?

没有.在IdentityRegistrar.Register:

public IServiceProvider ConfigureServices(IServiceCollection services){//...IdentityRegistrar.Register(services);//没变AuthConfigurer.Configure(services, _appConfiguration);//没变services.ConfigureApplicationCookie(o =>{o.ExpireTimeSpan = TimeSpan.FromHours(1);o.SlidingExpiration = true;});//...}

<块引用>

如果您在 services.AddIdentity 之前定义它，您的自定义值将被覆盖."

https://github.com/aspnet/Identity/issues/1389#issuecomment-324257591

I used:

services.AddAuthenticationCore().ConfigureApplicationCookie(o =>
{
    o.ExpireTimeSpan = TimeSpan.FromHours(1);
    o.SlidingExpiration = true;
});

to set my authentication cookie ExpireTimeSpan in Startup.cs in ASP.NET Core MVC project.

I can see that the cookie expire-time has been set correctly in the web browser after login, but it auto logout after 30 minutes every time, even if I refresh the website every 10 seconds.

If I set the ExpireTimeSpan less than 30 minutes, it can timeout correctly, but expire-time cannot be refreshed.

Why is it 30 minutes? Where can I change the 30 minutes timeout setting? Or is it set in IIS?

解决方案

Why is it 30 minutes?

It's the default of ASP.NET Core Identity.

Where can I change the 30 minutes timeout setting? Or is it set in IIS?

No. Call ConfigureApplicationCookie after IdentityRegistrar.Register:

public IServiceProvider ConfigureServices(IServiceCollection services)
{
    // ...

    IdentityRegistrar.Register(services);                  // No change
    AuthConfigurer.Configure(services, _appConfiguration); // No change

    services.ConfigureApplicationCookie(o =>
    {
        o.ExpireTimeSpan = TimeSpan.FromHours(1);
        o.SlidingExpiration = true;
    });

    // ...
}

"If you define it before the services.AddIdentity, your custom values will be overwritten."

https://github.com/aspnet/Identity/issues/1389#issuecomment-324257591

这篇关于为什么 cookie ExpireTimeSpan 设置不起作用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！