Cookie 不持久
我的 cookie 有问题。我通过 LDAP 对用户进行身份验证,只要浏览器保持打开状态,用户就不必重新登录该工具。他们甚至可以关闭选项卡,只要浏览器打开就可以。
但当用户关闭浏览器时,cookie 就会被删除。我在谷歌上搜索了很多这个问题,但我无法找到任何可行的解决方案,例如 这个或那个。
他们在我的登录页面上进行身份验证后,这是我的设置:
String encryptedTicket = FormsAuthentication.Encrypt(authTicket);
//Create a cookie, and then add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
//Add expiration date to the cookie
authCookie.Expires = DateTime.Now.AddMonths(1);
//Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
//You can redirect now.
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, false);
我的 Web.Config 如下所示:
无论我做什么,ASP.NET_SessionId 和 adAuthCookie cookie 总是设置为“当我关闭浏览器时”过期。 我希望避免我的用户在关闭浏览器时始终必须登录,而只需每月登录一次。
I've got an issue with my cookies. I'm authenticating users through LDAP and as long as the browser remains open users don't have to log back into the tool. They can even close the tab that's fine so long as the browser is open.
But the cookie gets removed the moment the user closes the browser. I've searched google a lot for this and I can't get any of the solutions to work such as this one or that one for example.
Here's my setup once they authenticate on my logon page:
String encryptedTicket = FormsAuthentication.Encrypt(authTicket);
//Create a cookie, and then add the encrypted ticket to the cookie as data.
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
//Add expiration date to the cookie
authCookie.Expires = DateTime.Now.AddMonths(1);
//Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
//You can redirect now.
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, false);
My Web.Config looks like this:
<authentication mode="Forms">
<forms loginUrl="Logon.aspx" timeout="43200" name="adAuthCookie" path="/" slidingExpiration="true" />
</authentication>
Whatever I do the ASP.NET_SessionId and adAuthCookie cookies are always set to expire "When I close my browser".
I want to avoid my users to always have to login when they close their browser and instead just do it once a month.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
确保浏览器未设置为在关闭时删除 cookie。在安全选项中的某个地方有这样的偏执设置(我认为在 IE 中是高级 -> 安全 -> 空临时文件夹...)
使用 Fiddler 或其他工具来确保将具有正确过期时间的 cookie 发送到浏览器。通过这种方式,您可以验证错误是在服务器端还是客户端。
Make sure browser is not set to delete cookies on close. There is such paranoid setting somewher in security options (I think in IE it is Advanced -> Security ->Empty temporary folders...)
Use Fiddler or other tool to make sure you send cookies with correct expiration to the browser. This way you verify where error is server or client side.
听起来您需要在 web.config 中设置 machineKey。
如果未在其中或 machine.config 中指定,它将在启动时生成并在每次重新启动网站时重置,从而使 cookie 中的加密失效。
machineKey 元素
Sounds like you need to set a machineKey in your web.config.
If one is not specified either there or machine.config, it will be generated on start up and reset everytime the website is restarted, invalidating the encryption in the cookie.
machineKey element