会话超时不工作（在web.config中设置） [英] Session timeout does not work ( is set in web.config )

问题描述

我用ClaimsIdentity框架建立AUTH在我的应用程序之一。

我添加这些行到的web.config 文件中一样的这个问题。

 ＆LT;的sessionState
         模式=是InProc
         超时=1/＆GT;
 

我让应用程序运行在一夜之间，但我还是登录。
我想会话超时设置为30分钟，有什么建​​议？

ASP.NET MVC版本：5.2.3.0

解决方案

每的 ASP.Net-身份的Cookie的身份验证，超时你应该使用标识的 UseCookieAuthentication（）参数，设置超时时间。

  app.UseCookieAuthentication（新CookieAuthenticationOptions
{
  AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie，
  LOGINPATH =新PathString（/帐号/登录），
  供应商=新CookieAuthenticationProvider
  {
    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity＆LT; ApplicationUserManager，ApplicationUser＆GT;（
        validateInterval：TimeSpan.FromMinutes（15），
        regenerateIdentity：（经理，用户）=＆GT; user.GenerateUserIdentityAsync（经理））
  }，
  SlidingExpiration =假，
  ExpireTimeSpan = TimeSpan.FromMinutes（30）
}）;
 

  

CookieAuthenticationOptions.ExpireTimespan是允许您设置发出的cookie的有效期为选项。在上面的例子中，cookie的有效期为自创建时30分钟。一旦这些30分钟为达到用户必须重新登录监守的SlidingExpiration设置为false。

  
  

如果SlidingExpiration设置为true，那么该cookie将通过该ExpireTimeSpan任何要求的一半重发。例如，如果用户登录并再制成16分钟后该Cookie将重新发出另外30分钟的第二请求。如果用户登录，然后做了第二次请求31分钟后则用户将被提示登录。

I used the ClaimsIdentity Framework to set up auth in one of my applications.

I added those lines into the web.config file like decribed in this question.

<sessionState
         mode="InProc"
         timeout="1" />

I let the application run overnight, but I was still logged in. I'd like to set the session timeout to 30 minutes, any suggestions ?

ASP.NET MVC Version: 5.2.3.0

解决方案

Per ASP.Net-Identity-Cookie-Authentication-Timeouts you should be using Identity's UseCookieAuthentication() parameters to set the timeout.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
  AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
  LoginPath = new PathString("/Account/Login"),
  Provider = new CookieAuthenticationProvider
  {
    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
        validateInterval: TimeSpan.FromMinutes(15),
        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),
  },
  SlidingExpiration = false,
  ExpireTimeSpan = TimeSpan.FromMinutes(30)
});

CookieAuthenticationOptions.ExpireTimespan is the option that allows you to set how long the issued cookie is valid for. In the example above, the cookie is valid for 30 minutes from the time of creation. Once those 30 minutes are up the user will have to sign back in becuase the SlidingExpiration is set to false.

If SlidingExpiration is set to true then the cookie would be re-issued on any request half way through the ExpireTimeSpan. For example, if the user logged in and then made a second request 16 minutes later the cookie would be re-issued for another 30 minutes. If the user logged in and then made a second request 31 minutes later then the user would be prompted to log in.

这篇关于会话超时不工作（在web.config中设置）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！