我有一个问题,即在续订表单身份验证票证并且旧票证已过期后用户被踢出。 我登录时获得的第一张机票是:
票证:A094D6F0401A5B6D97688198B09F17B03D209 ............ 结束:星期四,2013年3月28日08:56:33 GMT
一段时间后,机票更新了,我得到了这个cookie :(当票证到期时,cookie过期,所以没问题)
票证:215373E662852AD0CC540AC27F547787 ............. 结束:星期四,2013年3月28日08:58:17 GMT
此故障单由用户后台的javascript重新加载器续订。现在,如果我更新页面,我会被踢出去,为什么? 当我更新机票时,我使用它:
var Id = (FormsIdentity)HttpContext.Current.User.Identity;
var Ticket = Id.Ticket;
var NewAuthTicket = FormsAuthentication.RenewTicketIfOld(Ticket);
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(new FormsIdentity(NewAuthTicket), new[] {""});
if (NewAuthTicket != null && NewAuthTicket.Expiration > Ticket.Expiration)
{
// Create the (encrypted) cookie.
var ObjCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(NewAuthTicket))
{
HttpOnly = true,
Expires = NewAuthTicket.Expiration,
Secure = FormsAuthentication.RequireSSL
};
// Add the cookie to the list for outbound response.
HttpContext.Current.Response.Cookies.Add(ObjCookie);
Ticket = NewAuthTicket;
}
有没有解决方案?
的更新: 的
当我第一次设置cookie时,我使用它:
var ExpiryDate =!rememberMe? DateTime.Now.AddMinutes(cookieTimeoutHour):DateTime.Now.AddYears(1);
//create a new forms auth ticket
var Ticket = new FormsAuthenticationTicket(2, ui.UserNr.ToString(CultureInfo.InvariantCulture), DateTime.Now, ExpiryDate, true, String.Empty);
//encrypt the ticket
var EncryptedTicket = FormsAuthentication.Encrypt(Ticket);
//create a new authentication cookie - and set its expiration date
var AuthenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, EncryptedTicket)
{
Expires = Ticket.Expiration,
HttpOnly = true,
Secure = FormsAuthentication.RequireSSL
};
Current.Response.Cookies.Add(AuthenticationCookie);
答案 0 :(得分:0)
为什么在客户端页面上使用简单的keep-alive会使表单身份验证cookie保持活动状态时能够完成所有工作?
jQuery示例:
$(function() {
window.setInterval(keepalive, 600000); // run keepalive every 10 mins
});
function keepalive()
{
$.get({url:'/myemptykeepalivepage.aspx',cache:false});
}
当客户端关闭浏览器时,间隔功能被取消,表单认证票将自然到期。