ASP.NET cookie 过期时间总是 1/1/0001 12:00 AM [英] ASP.NET cookie expiration time is always 1/1/0001 12:00 AM
问题描述
我正在使用以下代码设置 cookie 过期时间:
I'm setting the cookie expiration using the following code:
// remove existing cookies.
request.Cookies.Clear();
response.Cookies.Clear();
// ... serialize and encrypt my data ...
// now set the cookie.
HttpCookie cookie = new HttpCookie(AuthCookieName, encrypted);
cookie.Expires = DateTime.Now.Add(TimeSpan.FromHours(CookieTimeOutHours));
cookie.HttpOnly = true;
response.Cookies.Add(cookie);
// redirect to different page
<小时>
当我在另一个页面中读取 cookie 超时时,我收到 1/1/0001 12:00 AM.如果有人能帮我解决问题,我将不胜感激.我使用的是 ASP.NET 3.5
When I read the cookie timeout in the other page I'm getting 1/1/0001 12:00 AM. If someone can help me figure out the problem, I'll appreciate it. I'm using ASP.NET 3.5
好的.阅读 Gulzar 的链接后,我似乎根本无法检查 HttpRequest 上的 cookie.Expires?因为链接似乎表明 cookie.Expires 总是设置为 DateTime.MinValue 因为服务器永远无法知道客户端机器上的实际时间?所以这意味着我必须自己将时间存储在 cookie 中并检查它?我的理解正确吗?
ok. after reading the links from Gulzar, it appears that I cannot check cookie.Expires on the HttpRequest at all? Because the links seem to suggest that cookie.Expires is always set to DateTime.MinValue because the server can never know the actual time on the client machine? So this means I have to store the time inside the cookie myself and check it? Is my understanding correct?
谢谢香卡
推荐答案
这里的问题实际上并不在于 ASP.NET,而是在于浏览器在 http 请求中提供的信息量.无论您在服务器端使用何种平台,都无法获得到期日期.
The problem here doesn't really lie with ASP.NET but with the amount of information that is provided in the http request by browsers. The expiry date would be unobtainable regardless of the platform you are using on the server side.
正如您在问题中总结的那样,由 HttpRequest 对象提供的 HttpCookie 对象的 Expires 属性始终设置为 1/1/0001 12:00 AM.这是因为浏览器在发送请求时不会将这些过期信息以及域和路径等属性传递给服务器.发送的唯一 cookie 信息是名称和值.因此,请求中的 cookie 将具有这些缺失"字段的默认值,因为它们在服务器端是未知的.
As you have summarised yourself in your question the Expires property of the HttpCookie object that is provided by the HttpRequest object is always set to 1/1/0001 12:00 AM. This is because this expiry information, as well as the properties such as domain and path, are not passed by the browser to the server when it sends a request. The only cookie information that is sent is the name and value(s). Therefore cookies in the request will have default values for these 'missing' fields as they are unknown on the server side.
我猜这背后的原因是 cookie 的过期、域和路径属性仅在浏览器决定是否应该在请求中传递 cookie 时使用并且服务器只对名称和值感兴趣.
I would guess the reason behind this is that the expiry, domain and path attributes of a cookie are only intended to be used by the browser when it is making a decision as to whether it should pass a cookie in a request or not and that the server is only interested in the name and value(s).
您建议的工作是将到期时间复制为 cookie 的另一个值,这是获得您正在寻找的行为的一种方式.
The work around you have suggested of duplicating the expiry time as another value of the cookie is a way to get the behaviour you are looking for.
这篇关于ASP.NET cookie 过期时间总是 1/1/0001 12:00 AM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
