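How to get the forms authentication ticket to respect the cookie expiration date

Time: 2014-03-21 16:07:25

Tags: asp.net-mvc asp.net-mvc-3

I have run into a problem where the login sessions of my website's users expire earlier than they should.

Here is my login method: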

public ActionResult Login(LoginModel model, string returnUrl)
{
    var mcookie = new MyCompanyCookie();

    if (ModelState.IsValid)
    {
        using (var myRepo = new MyCompanyRepositry())
        {
            var passwordHash = MyCompany.Web.Portal.Helpers.Security.CreatePasswordHash(model.Password);

            var userAccount = myRepo.GetMyCompanyUser(model.UserName, model.PartnerAccessCode);

            if (userAccount != null && userAccount.Password == passwordHash && userAccount.PartnerAccessCode == model.PartnerAccessCode.ToUpper())
            {
                // Credentials match: issue the forms authentication cookie
                mcookie.GetMMformsauthentication(userAccount, model.RememberMe);

                return RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "The user name,access code or password provided is incorrect.");
            }
        }
    }

    // Validation or login failed: redisplay the form
    return View(model);
}

Forms authentication ticket:

public void GetMMformsauthentication(UserAccount useraccount, bool createPersistentCookie)
{
    const string UnknownUsername = "anonymous";

    // Composing UserData to be stored in the auth cookie
    var userCookieData = new MarvMentUserCookieData()
    {
        UserId = useraccount.UserID,
        Password = useraccount.Password,
        PartnerAccessCode = useraccount.PartnerAccessCode
    };

    var ticket = new FormsAuthenticationTicket(1, string.IsNullOrEmpty(useraccount.UserID) ? UnknownUsername : useraccount.UserID, DateTime.Now,
                                                                     DateTime.Now.AddDays(100), createPersistentCookie, userCookieData.ToString(), FormsAuthentication.FormsCookiePath);
    var hashedCookie = FormsAuthentication.Encrypt(ticket);

    HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashedCookie); // Hashed ticket
    authCookie.HttpOnly = true;
    authCookie.Expires = ticket.Expiration;
    authCookie.Path = ticket.CookiePath;
    authCookie.Secure = false;
    HttpContext.Current.Response.SetCookie(authCookie);
}

}

The expiration settings in my Web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

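Here you can see that the forms expiration setting is set to 2880 minutes, but users are logged out after about 5-10 minutes.

The cookie is set to expire after 100 days.

Does anyone know what could be causing this problem?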

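1 answer:

Answer 0: (score: 0)

It looks like the problem is with the session, not the authentication ticket. Just check what happens if you comment out the cookie code... If the session lasts longer, then focus on the cookie code.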
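
The check the answer suggests, as an added example (not code from the question or the answer): a helper that reports, for each request, the state of the forms authentication ticket next to the state of the ASP.NET session. The class name `AuthTicketDiagnostics` and the Global.asax call site are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;

// Added diagnostic example; AuthTicketDiagnostics is a hypothetical name.
// Assumed call site, in Global.asax.cs:
//   protected void Application_PostAcquireRequestState(object sender, EventArgs e)
//   { System.Diagnostics.Trace.WriteLine(AuthTicketDiagnostics.Describe(Context)); }
public static class AuthTicketDiagnostics
{
    public static string Describe(HttpContext context)
    {
        return DescribeTicket(context.Request) + "; " + DescribeSession(context.Session);
    }

    private static string DescribeTicket(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return "ticket: no auth cookie sent";

        FormsAuthenticationTicket ticket;
        try
        {
            // Fails (throws or returns null) if the cookie was tampered with or
            // was not issued under the machineKey this process is using.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception ex)
        {
            return "ticket: decrypt failed (" + ex.GetType().Name + ")";
        }
        if (ticket == null)
            return "ticket: decrypt returned null";

        // UserData is deliberately not logged: the question's code puts the
        // account's Password field into it.
        return string.Format("ticket: name={0} issued={1:o} expires={2:o} expired={3} persistent={4}",
            ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.Expired, ticket.IsPersistent);
    }

    private static string DescribeSession(HttpSessionState session)
    {
        if (session == null)
            return "session: none for this request";
        return string.Format("session: id={0} new={1} timeoutMinutes={2}",
            session.SessionID, session.IsNewSession, session.Timeout);
    }
}
```

A request that logs a valid, unexpired ticket next to `new=True` points at the session; a missing cookie or a failed decrypt points at the ticket.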