表单身份验证超时与 sessionState 超时 [英] Forms authentication timeout vs sessionState timeout

问题描述

我正在查看有关网站会话超时的代码.在 web.config 中，我遇到了这段代码.

I have code that i am looking through regarding session time outs of the website. In the web.config i came across this code.

 <authentication mode="Forms">
  <forms loginUrl="~/Auth/SignOn.aspx" timeout="40" slidingExpiration="true" />
</authentication>

<sessionState timeout="30" />

有谁知道一个是否优先于另一个，以及它们有何不同.谢谢.

Does anyone know if one takes precedent over the other, and how they are different. Thanks.

推荐答案

它们是不同的东西.Forms Authentication Timeout 值以分钟为单位设置身份验证 cookie 设置为有效的时间量，这意味着在 value 分钟后，cookie 将过期并且用户将不再通过身份验证- 他们将被自动重定向到登录页面.slidingExpiration=true 值基本上是说，只要用户在超时值内发出请求，他们就会继续进行身份验证(更多详细信息此处).如果您设置 slidingExpiration=false，则无论用户是否在超时值内发出请求，身份验证 cookie 都会在 value 分钟后过期.

They are different things. The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid, meaning, that after value number of minutes, the cookie will expire and the user will no longer be authenticated—they will be redirected to the login page automatically. The slidingExpiration=true value is basically saying that as long as the user makes a request within the timeout value, they will continue to be authenticated (more details here). If you set slidingExpiration=false the authentication cookie will expire after value number of minutes regardless of whether the user makes a request within the timeout value or not.

SessionState 超时值设置会话状态提供程序在内存(或正在使用的任何后备存储，SQL Server、OutOfProc 等)中为特定会话保存数据所需的时间量.例如，如果您使用示例中的值在 Session 中放置一个对象，则此数据将在 30 分钟后删除.用户可能仍会通过身份验证，但会话中的数据可能不再存在.Session Timeout 值总是在每次请求后重置.

The SessionState timeout value sets the amount of time a Session State provider is required to hold data in memory (or whatever backing store is being used, SQL Server, OutOfProc, etc) for a particular session. For example, if you put an object in Session using the value in your example, this data will be removed after 30 minutes. The user may still be authenticated but the data in the Session may no longer be present. The Session Timeout value is always reset after every request.

这篇关于表单身份验证超时与 sessionState 超时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！