我需要使用滑动到期设置为true.我已经阅读论坛,并且理解了精度损失的问题,如果请求仅在一半的到期时间之后才会更新该机票.
问题:
在我的webconfig我有如下:
<authentication mode="Forms">
<forms timeout="20" name="sqlAuthCookie" protection="All" slidingExpiration="true" />
</authentication>
<sessionState timeout="20" />
<authorization>
只有当20分钟内没有请求时,用户才能注销并重定向到login.aspx.问题是用户正在发出请求,仍然被抛出到登录页面.这不应该发生.我想到的是为每个请求手动重置sqlAuthCookie.
以下是我的代码它在context.AcquireRequestState上调用.
void context_AcquireRequestState(object sender,EventArgs e)
{
HttpContext ctx = HttpContext.Current;
ResetAuthCookie(ctx);
}
private void ResetAuthCookie(HttpContext ctx)
{
HttpCookie authCookie = ctx.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie == null)
return;
FormsAuthenticationTicket ticketOld = FormsAuthentication.Decrypt(authCookie.Value);
if (ticketOld == null)
return;
if (ticketOld.Expired)
return;
FormsAuthenticationTicket ticketNew = null;
if (FormsAuthentication.SlidingExpiration)
ticketNew = FormsAuthentication.RenewTicketIfOld(ticketOld);
if (ticketNew != ticketOld)
StoreNewCookie(ticketNew,authCookie,ctx);
}
private void StoreNewCookie(FormsAuthenticationTicket ticketNew,HttpCookie authCookie,HttpContext ctx)
{
string hash = FormsAuthentication.Encrypt(ticketNew);
if (ticketNew.IsPersistent)
authCookie.Expires = ticketNew.Expiration;
authCookie.Value = hash;
authCookie.HttpOnly = true;
ctx.Response.Cookies.Add(authCookie);
}
我的问题是:
>是错误还是可接受的解决方案,重置每个请求的cookie?
>为什么还不行?看来新机票永远不会更新.
>是否有其他原因可能,因为用户的表单验证过期太快,我应该调查?
谢谢,
问候,
解决方法@H_403_25@
一个表单认证cookie只在一半到期时间过后自动更新.
来自微软:
If the Web page is accessed before half of the expiration time passes,
the ticket expiration time will not be reset. For example,if any Web
page is accessed again at 5:04 00:00:00 PM,the cookies and ticket
timeout period will not be reset.
To prevent compromised performance,and to avoid multiple browser
warnings for users that have cookie warnings turned on,the cookie is
updated when more than half the specified time has elapsed.
这可能是你的问题.如果您的客户在9分钟内访问您的网站,并且不再访问10分钟,那么他们将被超时.即使您的会话超时设置为20分钟,也会发生这种情况.
手动更新您的票,就像您所做的一样,是没有必要的.你只需要启用滑动过期.如果“特定时间的一半”规则对您无效,那么您必须查看其他解决方案.
来自微软:
If the Web page is accessed before half of the expiration time passes,
the ticket expiration time will not be reset. For example,if any Web
page is accessed again at 5:04 00:00:00 PM,the cookies and ticket
timeout period will not be reset.To prevent compromised performance,and to avoid multiple browser
warnings for users that have cookie warnings turned on,the cookie is
updated when more than half the specified time has elapsed.
这可能是你的问题.如果您的客户在9分钟内访问您的网站,并且不再访问10分钟,那么他们将被超时.即使您的会话超时设置为20分钟,也会发生这种情况.
手动更新您的票,就像您所做的一样,是没有必要的.你只需要启用滑动过期.如果“特定时间的一半”规则对您无效,那么您必须查看其他解决方案.
