Find centralized, trusted content and collaborate around the technologies you use most.
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
有什么理由在经过身份验证的会话中间, .ASPXAUTH cookie 会改变它的值?
ASP.Net_SessionId 似乎没有在同一点更改其值(并且会话尚未过期)。
是否有一些规则规定 .ASPXAUTH cookie 值会定期更新或出于任何其他原因?
问题是我们正在交叉检查在会话期间它们不会更改的这些 cookie 的值,以防止 xss 或会话劫持。
The cookie is automatically reissued due to so called "sliding expiration". If your cookie is issued at time T and the cookie timeout is set to X minutes, then the first request made to the server at T + (X/2) causes the cookie to be reissued.