在aspxauth和asp.net_sessionid Cookie上设置/更新到期 [英] Set / update expiration on aspxauth and asp.net_sessionid cookies
问题描述
我想知道是否有一种方法可以设置您的.NET应用程序来设置和更新aspxauth和asp.net_sessionid cookie在浏览器的过期时间?
I am wondering if there is a way you can setup your .NET application to set and update the expiration time of the aspxauth and asp.net_sessionid cookies in the browser?
从我所看到的,cookies的过期日期就像1/1/0001,告诉浏览器保持它们,直到浏览器关闭(我观察到这个使用铬)。我想设置一个明确的时间,但是,我将需要更新每个请求的时间。
From what I see, the cookies' expiration dates are something like 1/1/0001 telling the browser to keep them until the browser closes (I've observed this using Chrome). I'd like to set an explicit time, but, I will need to update that time on every request.
我试图这样做一些代码,如: / p>
I am attempting to do this with some code like :
var timeoutMins = Session.Timeout;
if (Response.Cookies.Count > 0)
{
foreach (string s in Response.Cookies.AllKeys)
{
if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
{
Response.Cookies[s].Expires = DateTime.Now.AddMinutes(timeoutMins);
}
}
}
global.asax End_Request事件,虽然这似乎不是一个好地方,因为它每个页面多次启动,你不能访问sessionstate超时;进一步它只触发登录和注销,所以基本上我可以设置一次,但我永远不会更新它。这会导致我的用户在登录后15分钟后退出,即使他们已经活跃。
I tried doing this in the global.asax End_Request event, although this doesn't seem to be a good place since it fires several times per page and you dont have access to the sessionstate timeout; further it only triggers on login and logout, so basically I can set it once but I can never update it. This causes my users to be logged out 15 minutes after login even if they have been active.
似乎有一些设置可以告诉.net处理这个?我知道这是一个奇怪的请求,但它是这个项目的安全要求,所以我想让它工作!
It seems like there would be some setting somewhere to tell .net to handle this? I know this is a strange request but it is a security requirement on this project so I'm trying to make it work!
推荐答案
看起来没有很多人试图做我正在做的,但为了记录,我添加了代码到应用程序结束请求中,以找到请求中的cookie,并在响应中重新创建它们,并具有适当的到期时间: / p>
It looks like not many people are trying to do what I'm doing, but for the record, I added code to the application end request to find the cookies in the request and recreate them in the response with the appropriate expiration time :
var timeout = Convert.ToInt32(System.Configuration.ConfigurationManager.AppSettings["myTimeoutConfigSetting"]);
foreach (var cookey in Request.Cookies.AllKeys)
{
if (cookey == FormsAuthentication.FormsCookieName || cookey.ToLower() == "asp.net_sessionid")
{
var reqCookie = Request.Cookies[cookey];
if (reqCookie != null)
{
HttpCookie respCookie = new HttpCookie(reqCookie.Name, reqCookie.Value);
respCookie.Expires = DateTime.Now.AddMinutes(timeout);
Response.Cookies.Set(respCookie);
}
}
}
这篇关于在aspxauth和asp.net_sessionid Cookie上设置/更新到期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!