会话超时不起作用(在 web.config 中设置)
Session timeout does not work ( is set in web.config )
我使用 ClaimsIdentity Framework 在我的一个应用程序中设置了身份验证。
我将这些行添加到 web.config 文件中,如 this question 中所述。
<sessionState
mode="InProc"
timeout="1" />
我让应用程序 运行 过夜了,但我仍然处于登录状态。
我想将会话超时设置为 30 分钟,有什么建议吗?
ASP.NET MVC 版本:5.2.3.0
根据 ASP.Net-Identity-Cookie-Authentication-Timeouts,您应该使用 Identity 的 UseCookieAuthentication() 参数来设置超时。
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(15),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),
},
SlidingExpiration = false,
ExpireTimeSpan = TimeSpan.FromMinutes(30)
});
CookieAuthenticationOptions.ExpireTimespan is the option that allows you to set how long the issued cookie is valid for. In the example above, the cookie is valid for 30 minutes from the time of creation. Once those 30 minutes are up the user will have to sign back in becuase the SlidingExpiration is set to false.
If SlidingExpiration is set to true then the cookie would be re-issued on any request half way through the ExpireTimeSpan. For example, if the user logged in and then made a second request 16 minutes later the cookie would be re-issued for another 30 minutes. If the user logged in and then made a second request 31 minutes later then the user would be prompted to log in.
我使用 ClaimsIdentity Framework 在我的一个应用程序中设置了身份验证。
我将这些行添加到 web.config 文件中,如 this question 中所述。
<sessionState
mode="InProc"
timeout="1" />
我让应用程序 运行 过夜了,但我仍然处于登录状态。 我想将会话超时设置为 30 分钟,有什么建议吗?
ASP.NET MVC 版本:5.2.3.0
根据 ASP.Net-Identity-Cookie-Authentication-Timeouts,您应该使用 Identity 的 UseCookieAuthentication() 参数来设置超时。
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(15),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),
},
SlidingExpiration = false,
ExpireTimeSpan = TimeSpan.FromMinutes(30)
});
CookieAuthenticationOptions.ExpireTimespan is the option that allows you to set how long the issued cookie is valid for. In the example above, the cookie is valid for 30 minutes from the time of creation. Once those 30 minutes are up the user will have to sign back in becuase the SlidingExpiration is set to false.
If SlidingExpiration is set to true then the cookie would be re-issued on any request half way through the ExpireTimeSpan. For example, if the user logged in and then made a second request 16 minutes later the cookie would be re-issued for another 30 minutes. If the user logged in and then made a second request 31 minutes later then the user would be prompted to log in.