表单身份验证 cookie 似乎停止工作
我希望我的应用程序具有允许用户检查他们是否希望无限期保持登录的功能(任意将 cookie 过期设置为从现在起 3 个月)。
我用于处理此问题的代码是
private static HttpCookie GetFormsAuthenticationCookie(string userNameResponse,
bool persistCookie)
{
var cookie = FormsAuthentication.GetAuthCookie(userNameResponse, persistCookie);
if (persistCookie)
cookie.Expires = DateTime.Now.AddMonths(3);
return cookie;
}
private void LoginUser(string userNameResponse, bool PersistCookie)
{
Response.Cookies.Add(GetFormsAuthenticationCookie(userNameResponse, PersistCookie));
string navigateAfterUrl = FormsAuthentication.GetRedirectUrl(userNameResponse,
PersistCookie);
Response.Redirect(navigateAfterUrl);
}
但是,稍后当我返回站点时,我需要再次登录。我已经验证 cookie 会随着我的过期日期返回,并且不会被设置为会话 cookie(也通过关闭/重新打开浏览器进行测试,并且 cookie 仍然存在)。我的一个想法是,这与 ASP.NET 会话过期有关。
我的 web.config 中有一个特定的机器密钥设置,所以如果 IIS 重新启动等,相同的 cookie 不应该工作吗?有没有人对可能导致此问题的原因有任何建议,或者至少对如何进一步追踪此问题有任何建议,因为我想不出其他任何事情可做。
I want to have functionality on my application that lets a user check off that they wish to stay logged indefinitely (arbitrarily setting the cookie expiration at 3 months from NOW).
The code I have for dealing with this is
private static HttpCookie GetFormsAuthenticationCookie(string userNameResponse,
bool persistCookie)
{
var cookie = FormsAuthentication.GetAuthCookie(userNameResponse, persistCookie);
if (persistCookie)
cookie.Expires = DateTime.Now.AddMonths(3);
return cookie;
}
private void LoginUser(string userNameResponse, bool PersistCookie)
{
Response.Cookies.Add(GetFormsAuthenticationCookie(userNameResponse, PersistCookie));
string navigateAfterUrl = FormsAuthentication.GetRedirectUrl(userNameResponse,
PersistCookie);
Response.Redirect(navigateAfterUrl);
}
However at some point later when I return to the site I need to login again. I have verified that the cookie comes back with my expiration date and that it is not set as a session cookie (also tested with closing/reopening browser and cookie still exists). My one thought is that it has something to do with when ASP.NET expires the session.
I have a specific machine key setup in my web.config so shouldn't the same cookie work if IIS gets restarted etc? Does anyone have any suggestions on what could either be causing this or atleast on how to trace this further since I can't think of anything else to do.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当您调用 GetAuthCookie 方法时 FormsAuthenticationTicket 是使用 Web.config 中的超时 属性。因此,请务必正确设置它:
一旦票证被加密,它就会用作 cookie 的值。当您设置 Expires 属性时cookie 为给定值,这表明它将在给定时间内保留在客户端计算机上。然后,在每次请求时,ASP.NET 运行时都会检查 cookie 是否存在,并尝试解密该值并获取票证。接下来,它将使用 Timeout 属性检查票证是否仍然有效,因此,如果超时时间很短,无论您的 cookie 是否仍在传输,票证都将不再有效,并且身份验证将失败。
When you call the GetAuthCookie method a FormsAuthenticationTicket is created with a timeout given by the Timeout property in web.config. So be sure to set it properly:
Once the ticket is encrypted it is used as a value for the cookie. When you set the Expires property of your cookie to a given value this indicates that it will be persisted on the client computer for the given period. Then on every request ASP.NET runtime will check the presence of the cookie, will try to decrypt the value and obtain the ticket. Next it will check if the ticket is still valid by using the Timeout property, so if you have a small timeout, no matter that your cookie is still transmitted, the ticket is no longer valid and the authentication will fail.