Question
I have below code
int intTimeout = (FormsAuthentication.Timeout.Hours * 60) +
FormsAuthentication.Timeout.Minutes;
var authTicket = new FormsAuthenticationTicket(1, Utility.userCookie, DateTime.Now,
DateTime.Now.AddMinutes(intTimeout), true, cookieValue);
string strEncryptedTicket = HttpUtility.UrlEncode(FormsAuthentication.Encrypt(authTicket));
var authCookie = new HttpCookie(Utility.userCookie, strEncryptedTicket);
authCookie.Expires = authTicket.Expiration;
//FormsAuthentication.RedirectFromLoginPage("", false);
authCookie.Secure = FormsAuthentication.RequireSSL;
//authCookie.Secure = true;
HttpContext.Current.Response.Cookies[Utility.userCookie].Expires = authTicket.Expiration;
HttpContext.Current.Response.Cookies[Utility.userCookie].Value = authCookie.Value;
Below web.config
<authentication mode="Forms">
<forms timeout="2" slidingExpiration="true" requireSSL="true" />
</authentication>
I keep hitting page link, still it expires in 2 minutes.
Answer 1:
Please pay attention to the structure of custom forms–based authentication in web.config:
<forms
name="name"
loginUrl="URL"
defaultUrl="URL"
protection="[All|None|Encryption|Validation]"
timeout="[MM]"
path="path"
requireSSL="[true|false]"
slidingExpiration="[true|false]"
enableCrossAppRedirects="[true|false]"
cookieless="[UseUri|UseCookies|AutoDetect|UseDeviceProfile]"
domain="domain name"
ticketCompatibilityMode="[Framework20|Framework40]">
<credentials>...</credentials>
</forms>
As you see, the timeout property works based on minutes, and you set it to 2 (e.g. 2 minutes).
Generally, if you enable slidingExpiration in web.config, you have no need to regenerate a new cookie manually. For your scenario, I suggest you use a trace tool, e.g. Fiddler. When you refresh the page, you can check in Fiddler whether the cookie expiry time is reset.
I found a good example in Weird Timeouts With Custom ASPNETFormsAuthentication which can do some clearance for you.
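Added example (not part of the original answer and not the asker's code): one way to apply sliding expiration to a ticket kept in a custom cookie, on the assumption that the cookie name differs from the forms cookie name, so FormsAuthenticationModule does not renew it. `TicketCookie`, `SlideIfNeeded` and the cookie name `AppUserTicket` are hypothetical; `FormsAuthentication.RenewTicketIfOld` only issues a new ticket once more than half of the timeout has elapsed.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class TicketCookie
{
    // Hypothetical name standing in for Utility.userCookie from the question.
    private const string CookieName = "AppUserTicket";

    // Call from Application_AuthenticateRequest in Global.asax on every request.
    public static void SlideIfNeeded(HttpContext context)
    {
        HttpCookie incoming = context.Request.Cookies[CookieName];
        if (incoming == null || string.IsNullOrEmpty(incoming.Value)) return;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(incoming.Value); }
        catch (Exception)
        {
            // Tampered value, or one protected under a different machineKey:
            // treat any decryption failure as "no valid ticket".
            Expire(context);
            return;
        }
        if (ticket == null || ticket.Expired) { Expire(context); return; }
        if (!FormsAuthentication.SlidingExpiration) return;

        // The old ticket comes back unchanged until more than half of the
        // timeout has elapsed; only then does the expiration move forward.
        FormsAuthenticationTicket renewed = FormsAuthentication.RenewTicketIfOld(ticket);
        if (renewed.Expiration == ticket.Expiration) return;

        var outgoing = new HttpCookie(CookieName, FormsAuthentication.Encrypt(renewed))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        // Persistent tickets carry an explicit expiry; others stay session cookies.
        if (renewed.IsPersistent) outgoing.Expires = renewed.Expiration;
        context.Response.Cookies.Set(outgoing);
    }

    private static void Expire(HttpContext context)
    {
        context.Response.Cookies.Set(new HttpCookie(CookieName, string.Empty)
            { Expires = DateTime.Now.AddDays(-1), HttpOnly = true });
    }
}
```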
Answer 2:
Try to remove this line from your code and try again:
HttpContext.Current.Response.Cookies[Utility.userCookie].Expires = authTicket.Expiration;
Answer 3:
In the web.config file, either remove the <clear/> element or add the following after the <clear/> element if not present.
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
Answer 4:
Maybe the problem is related to the lack of a static machineKey section in the web.config file. When you call FormsAuthentication.Encrypt or FormsAuthentication.Decrypt, the methods use the machineKey values which are provided in the web.config file to perform the operation. If you do not provide strict values for machineKey, a new unique validationKey and decryptionKey would be generated at the start point of the web application. Sometimes, depending on the server settings (for example small Idle-Time values for application pool settings), the application is terminated before the expiration time of the FormsAuthenticationTicket. In this case, because of the new machineKey values, the Decrypt method can't validate the ticket. I just recommend you set a static machineKey.
See the following link: https://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.100).aspx
Answer 5:
In my application, I define cookieAuthenticationOptions in Startup.cs like this and it works fine:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    ExpireTimeSpan = TimeSpan.FromHours(1),
    SlidingExpiration = true,
    CookieHttpOnly = true,
    CookieName = "App.Authentication",
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
});
Do you define those options?
Why don't you use the SignIn method of AuthenticationManager?
Source: https://stackoverflow.com/questions/49254434/form-authentication-slidingexpiration-does-not-work