这是使用 asp.net core 3.0 的网站。我使用CookieAuthentication并设置 cookie 过期时间如下:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Home/Index/";
options.ReturnUrlParameter = "returnUrl";
options.Cookie.Name = "pa-lg";
options.Cookie.IsEssential = true;
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromHours(1);
});
services.AddAntiforgery(options =>
{
options.HeaderName = "X-CSRF-TOKEN";
options.Cookie.Name = "pa-tk";
options.Cookie.IsEssential = true;
options.Cookie.Expiration = TimeSpan.FromHours(1);
});
services.Configure<CookieTempDataProviderOptions>(options => options.Cookie.Name = "pa-tmp");
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromHours(1);
});
在登录操作中:
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
principal,
new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTime.Now.AddMinutes(60)
});
我预计,如果您一个小时没有使用该网站,您将需要再次登录,但大约 15 分钟后,用户将需要登录。
为什么?
我在这里找到了解决方案:
\nAsp.Net core \xe2\x80\x9cremember me\xe2\x80\x9d 持久 cookie 在部署后不起作用
\n在已解决的问题中添加以下代码Startup:
public Startup(IConfiguration configuration, IWebHostEnvironment environment)\n{\n Configuration = configuration;\n Environment = environment;\n}\n \npublic IConfiguration Configuration { get; }\npublic IWebHostEnvironment Environment { get; }\n \nservices.AddDataProtection()\n .SetApplicationName($"my-app-{Environment.EnvironmentName}")\n .PersistKeysToFileSystem(new DirectoryInfo($@"{Environment.ContentRootPath}\\keys"));\n| 归档时间: |
|
| 查看次数: |
7708 次 |
| 最近记录: |