解决方法
身份没有内置的方式来跟踪同时登录,但您可以进行解决方法:每次用户登录时,在设置auth-cookie之前,通过等待userManager.UpdateSecurityStampAsync(user.Id)来更改用户的SecurityStamp;
并确保在Startup.Auth.cs中包含此部分:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager,ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(5),regenerateIdentity: (manager,user) => user.GenerateUserIdentityAsync(manager))
}
});
这样,每次用户登录时,所有其他会话都将失效,因为用户的SecurityStamp已更改.并且validateInterval值足够低,因此其他auth-cookies可以很快失效.
