更改 ASP.NET 会话状态 cookie 的过期时间

发布于 2024-09-04 10:57:03 字数 378 浏览 1 评论 0原文

我正在使用 ASP.NET 会话状态来跟踪网站上的登录用户。

然而，我遇到的一个问题是，默认情况下，ASP.NET 会话 cookie 设置为在浏览器关闭时过期。

我尝试设置自己的 ASP.NET_SessionId cookie 并使用类似于以下代码：

Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(1);

这些方法都不起作用，它们都设置了第二个同名的 cookie。

有没有办法改变会话cookie的有效期？

原文

I'm using ASP.NET Session State to keep track of logged in users on my site.

However, one problem I'm running into is that by default ASP.NET session cookies are set to expire when the browser closes.

http://ahb.me/43e

I've tried setting my own ASP.NET_SessionId cookie and modifying the cookie's expiry using something similar to the following code:

Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(1);

None of these approaches work, they all set a second cookie with the same name.

Is there a way of changing the session cookie's expiry?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

扶醉桌前 2024-09-11 10:57:03

根据 Joe 的回答中的链接，我想出了这种方法：

public void Application_PostRequestHandlerExecute(object sender, EventArgs e)
{
    UpdateSessionCookieExpiration();
}

/// <summary>
/// Updates session cookie's expiry date to be the expiry date of the session.
/// </summary>
/// <remarks>
/// By default, the ASP.NET session cookie doesn't have an expiry date,
/// which means that the cookie gets cleared after the browser is closed (unless the
/// browser is set up to something like "Remember where you left off" setting).
/// By setting the expiry date, we can keep the session cookie even after
/// the browser is closed.
/// </remarks>
private void UpdateSessionCookieExpiration()
{
    var httpContext = HttpContext.Current;
    var sessionState = httpContext?.Session;

    if (sessionState == null) return;

    var sessionStateSection = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
    var sessionCookie = httpContext.Response.Cookies[sessionStateSection?.CookieName ?? "ASP.NET_SessionId"];

    if (sessionCookie == null) return;

    sessionCookie.Expires = DateTime.Now.AddMinutes(sessionState.Timeout);
    sessionCookie.HttpOnly = true;
    sessionCookie.Value = sessionState.SessionID;
}

可以将此代码插入 Global.asax.cs 中。

Based on links in Joe's answer, I figured out this approach:

public void Application_PostRequestHandlerExecute(object sender, EventArgs e)
{
    UpdateSessionCookieExpiration();
}

/// <summary>
/// Updates session cookie's expiry date to be the expiry date of the session.
/// </summary>
/// <remarks>
/// By default, the ASP.NET session cookie doesn't have an expiry date,
/// which means that the cookie gets cleared after the browser is closed (unless the
/// browser is set up to something like "Remember where you left off" setting).
/// By setting the expiry date, we can keep the session cookie even after
/// the browser is closed.
/// </remarks>
private void UpdateSessionCookieExpiration()
{
    var httpContext = HttpContext.Current;
    var sessionState = httpContext?.Session;

    if (sessionState == null) return;

    var sessionStateSection = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
    var sessionCookie = httpContext.Response.Cookies[sessionStateSection?.CookieName ?? "ASP.NET_SessionId"];

    if (sessionCookie == null) return;

    sessionCookie.Expires = DateTime.Now.AddMinutes(sessionState.Timeout);
    sessionCookie.HttpOnly = true;
    sessionCookie.Value = sessionState.SessionID;
}

This code can be inserted in Global.asax.cs.

回复收藏 0 原文

樱花坊 2024-09-11 10:57:03

我建议您使用 FormsAuthentication 来跟踪登录的用户。您可以使用持久的 FormsAuthenticationCookie 来实现您想要的目的。

或者，如果您确实想使用会话状态，请尝试这个技术。

回复收藏 0 原文

梦在深巷 2024-09-11 10:57:03

只是猜测：也许编辑 web.config 中的 session.configuration 可以更改 cookie 过期时间？您可以这里看看？

回复收藏 0 原文

時窥 2024-09-11 10:57:03

我认为尝试长时间保持会话活动是错误的方法，并且会限制您的可扩展性。会话 cookie 指向服务器上 IIS 维护的特定会话。一般来说，您希望会话在用户关闭浏览器后关闭，以免消耗非活动用户的所有可用服务器资源。您希望关闭离开用户的会话并将资源提供给新到达的用户。这就是会话 cookie 过期的原因。

如果您想在用户关闭浏览器后维护某些用户状态，您可以随时查看类似个人资料。或者，如果这是针对购物车之类的东西，您可以将购物车保留在数据库中，然后在用户再次登录时将其重新连接到用户。

回复收藏 0 原文

心清如水 2024-09-11 10:57:03

汤姆的回答几乎对我有用，除了将 cookie 转换为变量并设置其属性之外。我必须像这样直接设置对象的属性：

HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].Expires = expiryDate;
HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].HttpOnly = true;
HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].Value = sessionState.SessionID;

我仍然将 cookie 转换为变量以检查它是否为 null，如果是则返回。

Tom's answer almost worked for me, except for casting the cookie into a variable and setting its properties. I had to set the properties of the object directly like so:

HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].Expires = expiryDate;
HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].HttpOnly = true;
HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].Value = sessionState.SessionID;

I still cast the cookie into a variable to check if it's null, and return if so.

回复收藏 0 原文

~没有更多了~