我尝试使用web.config和UseCookieAuthentication()方法上的设置,如下面列出的网络上的许多主题所示:
Session timeout does not work ( is set in web.config )
How to set session timeout in web.config
mvc 5 session timeout after default period (20 mins)
但是,尝试将会话超时更改为1分钟(用于测试)这些配置或方法中的所有选项没有任何意义,我不确定错误在哪里。以下是我改变的下面的配置。有什么想法解决这个问题吗?我还需要弄清楚在MVC应用程序中设置会话超时的最佳想法是:在web.config 中还是在Auth类中?
的web.config:
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" executionTimeout="60" />
<sessionState mode="InProc" timeout="1" />
<!-- For LDAP -->
<httpCookies httpOnlyCookies="true" />
<authentication mode="Forms">
<!-- Note: I also remove this part and try with only "sessionState" -->
<forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="1"
slidingExpiration="false" protection="All" />
</authentication>
</system.web>
Startup.Auth.cs:
public void ConfigureAuth(IAppBuilder app)
{
// Code removed for brevity.
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(1),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(1));
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
答案 0 :(得分:4)
如果您使用ASP.NET Identity,则无需使用web.config中的设置。只需将这两行添加到UseCookieAuthentication()方法中,如下所示:
....,
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(1)
...
因此,您方法的最终代码如下所示:
<强> Startup.Auth.cs:
public void ConfigureAuth(IAppBuilder app)
{
// Code removed for brevity.
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
},
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(1) //Set the session timeout at here
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(1));
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
有关详细信息,请访问ASP.NET-Identity-Cookie-Authentication-Timeouts。希望这会有所帮助...