会话超时在ASP.NET MVC中不起作用

时间:2016-03-24 09:04:18

标签: asp.net-mvc session authentication session-cookies session-state

我尝试使用web.config和UseCookieAuthentication()方法上的设置,如下面列出的网络上的许多主题所示:

Session timeout does not work ( is set in web.config )

How to set session timeout in web.config

mvc 5 session timeout after default period (20 mins)

但是,尝试将会话超时更改为1分钟(用于测试)这些配置或方法中的所有选项没有任何意义,我不确定错误在哪里。以下是我改变的下面的配置。有什么想法解决这个问题吗?我还需要弄清楚在MVC应用程序中设置会话超时的最佳想法是:在web.config 中还是在Auth类中

的web.config:

<system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" executionTimeout="60" />

    <sessionState mode="InProc" timeout="1" />    

    <!-- For LDAP -->
    <httpCookies httpOnlyCookies="true" />
    <authentication mode="Forms">

        <!-- Note: I also remove this part and try with only "sessionState" -->
        <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="1" 
            slidingExpiration="false" protection="All" />
    </authentication>
</system.web>


Startup.Auth.cs:

public void ConfigureAuth(IAppBuilder app)
{
    // Code removed for brevity.

    // Configure the sign in cookie
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.  
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(1),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });            
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(1));
    app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);        
}

1 个答案:

答案 0 :(得分:4)

如果您使用ASP.NET Identity,则无需使用web.config中的设置。只需将这两行添加到UseCookieAuthentication()方法中,如下所示:

....,
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(1)
...

因此,您方法的最终代码如下所示:


<强> Startup.Auth.cs:

public void ConfigureAuth(IAppBuilder app)
{
    // Code removed for brevity.

    // Configure the sign in cookie
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.  
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },            
        SlidingExpiration = true, 
        ExpireTimeSpan = TimeSpan.FromMinutes(1) //Set the session timeout at here
    });            
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(1));
    app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);        
}


有关详细信息,请访问ASP.NET-Identity-Cookie-Authentication-Timeouts。希望这会有所帮助...