在aspxauth和asp.net_sessionid Cookie上设置/更新到期 [英] Set / update expiration on aspxauth and asp.net_sessionid cookies

问题描述

我想知道是否有一种方法可以设置您的.NET应用程序来设置和更新aspxauth和asp.net_sessionid cookie在浏览器的过期时间？

I am wondering if there is a way you can setup your .NET application to set and update the expiration time of the aspxauth and asp.net_sessionid cookies in the browser?

从我所看到的，cookies的过期日期就像1/1/0001，告诉浏览器保持它们，直到浏览器关闭（我观察到这个使用铬）。我想设置一个明确的时间，但是，我将需要更新每个请求的时间。

From what I see, the cookies' expiration dates are something like 1/1/0001 telling the browser to keep them until the browser closes (I've observed this using Chrome). I'd like to set an explicit time, but, I will need to update that time on every request.

我试图这样做一些代码，如： / p>

I am attempting to do this with some code like :

var timeoutMins = Session.Timeout;
if (Response.Cookies.Count > 0)
{
   foreach (string s in Response.Cookies.AllKeys)
   {
       if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
       {
           Response.Cookies[s].Expires = DateTime.Now.AddMinutes(timeoutMins);
       }
   }
}

global.asax End_Request事件，虽然这似乎不是一个好地方，因为它每个页面多次启动，你不能访问sessionstate超时;进一步它只触发登录和注销，所以基本上我可以设置一次，但我永远不会更新它。这会导致我的用户在登录后15分钟后退出，即使他们已经活跃。

I tried doing this in the global.asax End_Request event, although this doesn't seem to be a good place since it fires several times per page and you dont have access to the sessionstate timeout; further it only triggers on login and logout, so basically I can set it once but I can never update it. This causes my users to be logged out 15 minutes after login even if they have been active.

似乎有一些设置可以告诉.net处理这个？我知道这是一个奇怪的请求，但它是这个项目的安全要求，所以我想让它工作！

It seems like there would be some setting somewhere to tell .net to handle this? I know this is a strange request but it is a security requirement on this project so I'm trying to make it work!

推荐答案

看起来没有很多人试图做我正在做的，但为了记录，我添加了代码到应用程序结束请求中，以找到请求中的cookie，并在响应中重新创建它们，并具有适当的到期时间： / p>

It looks like not many people are trying to do what I'm doing, but for the record, I added code to the application end request to find the cookies in the request and recreate them in the response with the appropriate expiration time :

var timeout = Convert.ToInt32(System.Configuration.ConfigurationManager.AppSettings["myTimeoutConfigSetting"]);    

foreach (var cookey in Request.Cookies.AllKeys)
{
  if (cookey == FormsAuthentication.FormsCookieName || cookey.ToLower() == "asp.net_sessionid")
  {
      var reqCookie = Request.Cookies[cookey];                                      

      if (reqCookie != null)
      {
          HttpCookie respCookie = new HttpCookie(reqCookie.Name, reqCookie.Value);
          respCookie.Expires = DateTime.Now.AddMinutes(timeout);

          Response.Cookies.Set(respCookie);
      }
  }
}

这篇关于在aspxauth和asp.net_sessionid Cookie上设置/更新到期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！