在线托管后的会员问题
我有一个购物车 asp.net 应用程序,目前我通过简单地创建一个包含 2 个字段用户名和密码的数据库表来管理登录系统,并在我的 web.config 文件中通过身份验证和授权标签将所有用户重定向到登录页面
<authentication mode="Forms" >
<forms defaultUrl="default.aspx" loginUrl="login1.aspx" cookieless="AutoDetect" ></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
并在我的登录页面上只需将用户输入的用户名/密码与数据库条目进行比较,如果用户正确调用将
FormsAuthentication.RedirectFromLoginPage(username, true);
用户重定向到主页的函数,它在我的本地系统上运行得很好,我没有问题。但最近我在线托管了我的应用程序我的登录系统有问题。当我登录时该网站还可以,但一段时间后,用户会自动从网站中被抛出到登录页面,他必须再次登录。
I have a shopping cart asp.net application presently i manage login system by simply making a DB table with 2 field username and password and in my web.config file redirect all the user to login page by authentication and authorization tag
<authentication mode="Forms" >
<forms defaultUrl="default.aspx" loginUrl="login1.aspx" cookieless="AutoDetect" ></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
and on my login page simply compare username/pwd entered by user with database entry and if the user is correct calling the function
FormsAuthentication.RedirectFromLoginPage(username, true);
that redirect the user to home page it works very fine on my local system and i have no issue.But recently i hosted my application online and there is some issue with my login system.When i login into the site its ok but after some time user is automatically thrown out of site to the login page and he has to login again.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
听起来您的用户正面临 cookie 过期的问题。将以下属性添加到您的
默认情况下,滑动过期应设置为 true,但如果不是,则在用户登录后 30 分钟后,无论是否启用,其身份验证都会过期从那时起他们就访问过其他网站页面。默认情况下,超时期限也应设置为自上次刷新后 30 分钟,因此如果您的用户空闲 30 分钟,他们将必须更新身份验证 cookie 才能访问受保护的内容。您可以将其扩展为您喜欢的任何值,例如上例中的“60”。
您可以在 MSDN 参考页面找到有关这些属性的更多信息。
It sounds like your users are bumping up against a cookie expiry. Add the following attributes to your
<forms>element:By default, sliding expiration SHOULD be set to true, but if it's not, 30 minutes after a user logs in, their authentication will expire no matter if they've visited other site pages since that time. By default, the timeout period is also supposed to be set to 30 minutes from last refresh, so if your user is idle for 30 minutes, they will have to renew the authentication cookie in order to access secured content. You can extend this to whatever value you like, such as "60" in the above example.
You can find out more about these attributes at the MSDN reference page.