在.net和php之间更新表单auth ticket到期的好策略是什么? [英] What's a good strategy for renewing the expiration of a forms auth ticket between .net and php?
问题描述
我正在创建一个应用程序,该应用程序将获取存储来自.NET的表单身份验证票证的Cookie的内容。这部分完成。在该票证是过期时间,默认20分钟。
I'm creating an application that will get the contents of a cookie storing a forms authentication ticket from .net. That part is done. In that ticket is an expiration time, by default 20 minutes.
所以方案是,用户登录并在.net端验证。然后他们被重定向到我的PHP应用程序。我得到用户名,票据到期等。
So the scenario is, a user logs in and is validated on the .net side. Then they are redirected to my PHP app. I get the username, ticket expiration, etc.
在用户在我的应用程序上保持活动时,更新票证的最佳方法是什么?这里有两种可能的方法,我敢肯定还有更多:
What is the best way to go about renewing the ticket as the user stays active on my app? Here are two possible approaches, I'm sure there are more:
-
离开到期10分钟,仍然活动,联系.net Web服务向我发出带有新到期的新票证。当页面空闲20分钟时,用户将被重定向到原始的.net登录。
At 10 minutes away from expiration and if the user is still active, a .net web service is contacted to issue me a new ticket with a new expiration. When the page is idle for 20 minutes, the user is redirected to the original .net login.
。当它接近10分钟,并且用户仍在浏览它刷新。但是当页面空闲20分钟时,用户将重定向回原始的.net登录。
PHP takes care of the expiration with a cookie on its side. When it approaches 10 minutes and the user is still browsing it refreshes. But when the page is idle for 20 minutes, the user is redirected back to the original .net login.
其他建议?优点,缺点这些?我正在寻找速度和安全性。
Other suggestions? Pros, cons to either of these? I'm looking for both speed and security.
推荐答案
我会假设你的问题,并且您正在使用滑动到期。如果您打算尝试在php中复制相同的行为,则您可能需要查看此< a>。
I'll assume from your question that you're not using persistent cookies and that you're using sliding expiration. If you intend on trying to replicate the same behavior in php then you might want to take a look at this.
让我们举个例子:如果登录页面是在5:00 00:00:00访问,如果timeout属性为10并且slidingExpiration属性设置为TRUE,则会在5:10 00:00:00 PM过期。现在,如果任何网页是在5点05分下午12时00分00秒再次浏览,饼干和门票超时时间将被重置为5点一刻下午12时00分00秒。
Let us take an example: If the logon page is accessed at 5:00 00:00:00 PM, it should expire at 5:10 00:00:00 PM if the timeout attribute is 10 and the slidingExpiration attribute is set to TRUE. Now, if any Web page is browsed again at 5:05 00:00:00 PM, the cookies and ticket time-out period will be reset to 5:15 00:00:00 PM.
基本上你将每当用户访问你的PHP网页的一个更新cookie的到期时间。
Basically you would update the cookie's expiration time whenever the user accesses one of your php pages.
另一种选择是在你的页面中嵌入类似IFRAME的东西,从你的.net网站下拉一个.aspx。这将有刷新cookie的效果。
Another option is to embed something like an IFRAME in your pages which would pull down an .aspx from your .net site. This will have the effect of "refreshing" the cookie.
这篇关于在.net和php之间更新表单auth ticket到期的好策略是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
