asp.net – 控制FormsAuthentication createPersistentCookie到期

前端之家收集整理的这篇文章主要介绍了asp.net – 控制FormsAuthentication createPersistentCookie到期前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
在ASP.NET MVC2应用程序中,我们有标准的登录操作…
if (ValidateUser(model.Email,model.Password)
{
  FormsAuthentication.SetAuthCookie(model.Email,model.RememberMe);
  ...

其中SetAuthCookie的第二个参数是createPersistentCookie,其中包含以下文档:

createPersistentCookie
  Type: System.Boolean
    true to create a persistent cookie
    (one that is saved across browser sessions); otherwise,false.

我们希望持续性Cookie在2周后到期(即用户可以在2周内返回网站,不需要重新验证,之后他们会被要求再次登录).

我们如何设置持久性cookie的到期时间?

解决方法

你不能这样做吗
<system.web>
    <authentication mode="Forms">
          <forms timeout="20160"/>
    </authentication>
</system.web>

超时时间为几分钟.

此超时值与您是否创建持久性Cookie无关.它只是说如果没有明确终止cookie(FormsAuthentication.SignOut),它将在给定的时间段后自动过期.

换句话说,如果你这样做:

FormsAuthentication.SetAuthCookie(someMembershipName,false);

会导致Cookie到期时间:

>用户关闭浏览器,或
>达到超时.

相反如果你这样做:

FormsAuthentication.SetAuthCookie(someMembershipName,true);

将导致cookie只有到达超时时才到期.

HTH

编辑:

MSDN开始:

超时属性描述如下:

Specifies the time,in integer
minutes,after which the cookie
expires. If the SlidingExpiration
attribute is true,the timeout
attribute is a sliding value,expiring
at the specified number of minutes
after the time that the last request
was received. To prevent compromised
performance,and to avoid multiple
browser warnings for users who have
cookie warnings turned on,the cookie
is updated when more than half of the
specified time has elapsed. This might
cause a loss of precision. The default
is “30” (30 minutes).

Note Under ASP.NET V1.1 persistent
cookies do not time out,regardless of
the setting of the timeout attribute.
However,as of ASP.NET V2.0,
persistent cookies do time out
according to the timeout attribute
.

换句话说,此过期设置仅处理Forms Authentication cookie.

表单验证cookie是一个客户端cookie,它与您可能拥有的其他服务器端会话无关(即购物车).

该会话已过期,并显示以下设置:

<sessionstate 
      mode="inproc"
      cookieless="false" 
      timeout="20"

猜你在找的asp.Net相关文章