问题
I have an ASP.NET 4 site. I'v set timeout to 100 minutes in authentication in web.Config, but when users are working with site suddenly the site prompts to log in even after 3 minutes. The below code is my web.Config file
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<appSettings>
<add key="ImageMaxFileLengh" value="500" />
</appSettings>
<system.web>
<pages enableViewStateMac="false"></pages>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Speech, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms defaultUrl="~/Default.aspx" loginUrl="~/Account/Login.aspx" timeout="100" name="HajLogin" slidingExpiration="true" />
</authentication>
<!--<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear />
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear />
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>-->
<httpHandlers>
<add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
</httpHandlers>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="Telerik_Web_UI_WebResource_axd" verb="*" preCondition="integratedMode" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" />
</handlers>
</system.webServer>
</configuration>
回答1:
Make sure you are not creating a FormsAuthenticationTicket within your code. This would override the timeout value you have configured in your web.config. if you are doing something like this in your code, it could be the reason of why it is not working:
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
(
...
DateTime.Now, // issueDate
DateTime.Now.AddMinutes(30), // expiration
...
);
In case you are not doing the above, take a look at your SessionTimeout. Try increasing it as well.
Regards.
回答2:
Please don't confuse the timeout to authenticate with the timeout for your session.
You're giving your form 1000 to timeout when seeking authentication. Once it authenticates, you are not looking at this variable for the authenticated session to expire.
Here are some good links describing the difference:
- Link 1
- Link 2 (Stack Overflow)
Here is a good link describing setting the session timeout in forms authentication:
- Link 3
回答3:
The Timeout property in the Forms tag specifies the amount of minutes the persistent cookie is valid when the remember me checkbox is checked.
来源:https://stackoverflow.com/questions/13144868/timeout-in-authentication-does-not-work-properly