ASP.NET 表单身份验证中的“记住我”功能不起作用
我正在使用 ASP.NET 表单身份验证将用户登录到我们正在开发的网站。
该功能的一部分是“记住我”复选框,如果用户选中它,它会记住用户一个月。
用于登录用户的代码如下:
public static void Login(HttpResponse response, string username,
bool rememberMeChecked)
{
FormsAuthentication.Initialize();
FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, username, DateTime.Now,
DateTime.Now.AddMinutes(30), rememberMeChecked,
FormsAuthentication.FormsCookiePath);
HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(tkt));
ck.Path = FormsAuthentication.FormsCookiePath;
if (rememberMe)
ck.Expires = DateTime.Now.AddMonths(1);
response.Cookies.Add(ck);
}
web.config 中的相关部分是这样的:
<authentication mode="Forms">
<forms loginUrl="Home.aspx" defaultUrl="~/" slidingExpiration="true" timeout="43200" />
</authentication>
这可以很好地记录用户,但如果他们不使用该网站,则在半小时后将其注销,尽管其持久性属性(rememberMeChecked ) 设置为 true,如果为 true,则 cookie 将设置为在一个月后过期。我在这里缺少什么吗?
提前致谢, F
I'm using ASP.NET forms authentication for logging users into a website we're developing.
Part of the functionality is a "Remember me" checkbox which remembers the user for a month if they check it.
The code for logging the user in is as follows:
public static void Login(HttpResponse response, string username,
bool rememberMeChecked)
{
FormsAuthentication.Initialize();
FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, username, DateTime.Now,
DateTime.Now.AddMinutes(30), rememberMeChecked,
FormsAuthentication.FormsCookiePath);
HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(tkt));
ck.Path = FormsAuthentication.FormsCookiePath;
if (rememberMe)
ck.Expires = DateTime.Now.AddMonths(1);
response.Cookies.Add(ck);
}
The relevant section in the web.config is this:
<authentication mode="Forms">
<forms loginUrl="Home.aspx" defaultUrl="~/" slidingExpiration="true" timeout="43200" />
</authentication>
This logs the user fine but logs them out after half an hour if they don't use the site, although its persistence property (rememberMeChecked) is set to true and if it is true, the cookie is set to expire after a month. Is there something I'm missing here?
Thanks in advance,
F
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
即使 cookie 本身会在 30 天后过期,您的身份验证票证似乎仍配置为在半小时后过期。您可能还必须延长票证的有效期:
It looks like your authentication ticket is still configured to expire after half an hour, even if the cookie itself expires in 30 days. You probably have to extend the ticket's lifetime too:
尝试设置 Name 属性web.config 中的 forms 标记
此外, Firecookie 在调试方面非常出色这类问题
只需再次阅读您的代码,您还在票证构造函数中指定了
DateTime.Now.AddMinutes(30)...必须检查这是否会影响它Try setting the Name attribute of the forms tag in your web.config
Also, Firecookie is awesome at debugging these sorts of issues
Just reading through your code again, you've also specified
DateTime.Now.AddMinutes(30)in your ticket constructor...have to check whether that effects it在我看来,您正在检查“rememberMe”,而不是您传递的名为“rememberMeChecked”的变量。
It looks to me that you're checking "rememberMe" rather than the variable you passed called "rememberMeChecked".
您已在
FormsAuthenticationTicket的构造函数中指定DateTime.Now.AddMinutes(30)。这就是设置登录到期时间的原因。You have specified
DateTime.Now.AddMinutes(30)in the constructor forFormsAuthenticationTicket. This is what is setting the expiry for the login.我意识到身份验证票必须更新,而不仅仅是读取。我的 Application_BeginRequest 方法现在看起来像这样:
这似乎已经解决了。
I realised that the authentication ticket had to be renewed, not only read. My Application_BeginRequest method looks like this now:
That seems to have taken care of it.