C#Asp.net mvc身份,用户很快就退出了

时间:2016-03-28 10:35:52

标签: asp.net-mvc identity

我使用的是Asp.net身份会员资格。这是我的代码:

app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),  
        ExpireTimeSpan = TimeSpan.FromMinutes(45),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.  
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User>(
                validateInterval: TimeSpan.FromSeconds(0),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))

        }
    });  

正如您所看到的,ExpireTimeSpan设置为45分钟,但在登录后,如果他没有发出任何http请求,用户可以在十分钟内快速注销。当我检查检查元素时,我看到以下内容: 登录后: enter image description here

十分钟后:

enter image description here

正如您所见,AspNet.ApplicationCookie已被_RequestVerificationToken取代,但会话ID仍然存在。

0 个答案:

没有答案