ASP.NET: Does the FormsCookie go away once the authentication period has expired?
I'm trying to establish some authentication timeout expiration checking, and I'm noticing something a little strange. When the authentication period is still valid, the following code will give me a cookie:
HttpCookie authCookie = context.Request.Cookies[".ASPXAUTH"]; // .ASPXAUTH name defined in web.config
But when the authentication period has expired, the cookie is no longer in the Cookies array, and my result is null. I'm trying to build a FormsAuthenticationTicket object from the cookie, to be able to check the expired property. Like this:
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
// check if previously authenticated session is now dead
if (authTicket != null && authTicket.Expired)
{
    // send a Response indicating that they've expired.
}
But if the cookie goes away once the authentication period has expired, I can't even get that far. So is there something I'm doing wrong, or is that cookie not supposed to be there? And if not, how am I supposed to build a ticket to even check the Expired property?
Thanks very much.
Comments (2)
The cookie has an expiration timeout value that you can specify in the configuration file. There isn't much warning about when the cookie expires; you could build a process that checks upon every request to see which request it expired on.
However, factor in the element too, which may require a valid user (not anonymous), so without the cookie you may get kicked out.
Read more about it here: http://support.microsoft.com/kb/910443
If isPersistent is set to false on the FormsAuthenticationTicket then a persistent cookie is not set. When the ticket expires the cookie is not sent with the request, therefore you cannot access it.
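A null-safe form of the check from the question, as an added example that is not from any of the posts above: it separates a missing cookie from one that fails to decrypt and from one whose ticket has expired. The names AuthCookieState and AuthCookieInspector are hypothetical, and the cookie name is read from FormsAuthentication.FormsCookieName instead of being hard-coded.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example; AuthCookieState and AuthCookieInspector are hypothetical names.
public enum AuthCookieState { Missing, Invalid, Expired, Valid }

public static class AuthCookieInspector
{
    public static AuthCookieState Inspect(HttpRequest request,
                                          out FormsAuthenticationTicket ticket)
    {
        ticket = null;

        // Use the configured cookie name rather than the literal ".ASPXAUTH".
        HttpCookie authCookie = request.Cookies[FormsAuthentication.FormsCookieName];

        // The case from the question: there is nothing to decrypt, so there is
        // no ticket whose Expired property could be read. Dereferencing
        // authCookie.Value here would throw NullReferenceException.
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            return AuthCookieState.Missing;

        try
        {
            // Decrypt also validates the ticket; a tampered or truncated
            // value must never be treated as an authenticated user.
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (ArgumentException) { return AuthCookieState.Invalid; }
        catch (CryptographicException) { return AuthCookieState.Invalid; }

        if (ticket == null)
            return AuthCookieState.Invalid;

        // Expired can only be observed when the cookie is present in
        // Request.Cookies at the point this code runs.
        return ticket.Expired ? AuthCookieState.Expired : AuthCookieState.Valid;
    }
}
```

Missing covers both a visitor who never signed in and one whose cookie is no longer present, so this cookie alone cannot tell a timed-out session from an anonymous request.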