
I built a website with ASP.NET and it works fine, but sometimes it kicks users out of their accounts without any reason. I set the session and web form timeouts in my web.config, but it still happens. Also, the data I keep in the session is small, for example a single word (journal x). Can anybody help me? I am confused! Here is my web.config:

<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<!--
  Web.config for an ASP.NET 4.0 Web Forms site using forms authentication,
  the SQL membership provider, the role manager and in-process session state.
  Comments marked NOTE(review) flag settings that affect sign-in stability or
  security and should be checked before this file is used in production.
-->
<configuration>
  <!-- Chart control image handler options: generated images are kept in session storage. -->
  <appSettings>
    <add key="ChartImageHandler" value="storage=session;timeout=5;" />
  </appSettings>
  <system.webServer>
    <!-- Disables IIS validation of system.web settings that do not apply in integrated
         pipeline mode (the <httpHandlers> entry under system.web is one such setting). -->
    <validation validateIntegratedModeConfiguration="false" />


    <!-- Integrated-mode registration of the chart image handler; it is removed first and then
         re-added, presumably so an inherited entry with the same name cannot clash. -->
    <handlers>
      <remove name="ChartImageHandler" />
      <add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD,POST"
        path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </handlers>
  </system.webServer>
  <system.net>

    <!-- NOTE(review): the SMTP user name and password are stored in this file in clear text,
         and <network> does not set enableSsl, so authentication on port 25 is likely sent
         without TLS. Confirm with the mail host; prefer an encrypted submission port and keep
         the credentials out of source control. -->
    <mailSettings>
      <smtp from="waag@waag.ir">
        <network host="mail.waag.ir" port="25" userName="*****" password="*****"/>
      </smtp>
    </mailSettings>
  </system.net>
  <!-- NOTE(review): both active connection strings use SQL authentication with the password
       written in clear text and Persist Security Info=True, which keeps the password readable
       from the connection object after it is opened. Neither string requests Encrypt=True, so
       whether traffic to the remote server at 174.142.4.132 is encrypted depends on server
       settings (confirm). Consider Persist Security Info=False, an encrypted connection and
       protecting this section (for example with aspnet_regiis -pe) where the host allows it. -->
  <connectionStrings>

    <!--<add name="dbconn" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
        <add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>-->


    <add name="dbconn" connectionString="Password=****;Persist Security Info=True;User ID=****;Initial Catalog=esfahanhost_****;Data Source=174.142.4.132" providerName="System.Data.SqlClient" />

    <!-- LocalSqlServer is removed and redefined with the same values as dbconn, so providers
         that fall back to the default connection name use the remote database as well. -->
    <remove name="LocalSqlServer"/>

    <add name="LocalSqlServer" connectionString="Password=****;Persist Security Info=True;User ID=****;Initial Catalog=esfahanhost_****;Data Source=174.142.4.132" providerName="System.Data.SqlClient" />


  </connectionStrings>
  <system.web>





    <!-- Classic-mode registration of the same chart image handler. -->
    <httpHandlers>
      <add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
        validate="false" />
    </httpHandlers>
    <!-- SQL membership provider bound to the dbconn connection string.
         NOTE(review): the password policy is weak (minimum length 6, no non-alphanumeric
         character required, no security question, e-mail addresses need not be unique).
         passwordFormat is not set, so the provider default applies (presumably Hashed; confirm).
         Lockout triggers after 5 invalid attempts inside the passwordAttemptWindow of 10. -->
    <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="15">

      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="dbconn"
           enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
           maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
           applicationName="/" />

      </providers>
    </membership>


    <!-- NOTE(review): InProc keeps session data in the worker process, so an application
         restart or application pool recycle discards every session no matter what timeout is
         set here. On shared hosting this is a common cause of users appearing to be logged
         out at random; an out-of-process mode (StateServer or SQLServer) survives recycles. -->
    <sessionState mode="InProc" timeout="30"/>
    <roleManager enabled="true"/>
    <!-- Forms authentication ticket: 30 minute sliding expiration, cookie name AC7.ASPXAUTH.
         NOTE(review): no domain is set, so the cookie is bound to the exact host that issued it;
         requireSSL is not set, so the cookie may also be sent over plain HTTP.
         NOTE(review): this file has no <machineKey> element. With auto-generated keys, any
         change of key (for example between servers of a farm; confirm for this host)
         invalidates issued tickets and signs users out. -->
    <authentication mode="Forms">  
      <forms timeout="30" slidingExpiration="true" name="AC7.ASPXAUTH" />
    </authentication>

      <!-- NOTE(review): debug="true" is a development setting; it disables request timeouts
           and compile optimizations and should be false on a production site. -->
      <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
        <assemblies>

          <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
          <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
          <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        </assemblies>
      </compilation>
      <!-- NOTE(review): this element switches off three page-level protections site-wide:
           event validation, view state encryption and the view state MAC. With
           enableViewStateMac="false" the server no longer verifies that posted view state is
           the value it issued, so clients can alter it. Restore the defaults
           (enableViewStateMac and enableEventValidation set to true) unless a specific page
           has a documented reason, and then scope the exception to that page only. -->
      <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false">
          <!-- Registers the chart controls under the asp tag prefix for every page. -->
          <controls>
              <add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting"
                  assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          </controls>

      </pages>

  </system.web>

</configuration>

1 回答 1


登录信息存储在一个 cookie 中。如果您没有在 web.config 中为 cookie 设置域,并且用户例如从 www.domain.com 跳转到 domain.com,cookie 将无法正常工作,用户可能会被注销。

因此,请在 forms 标签上设置 domain(不要加 www):

<!-- Binds the forms authentication cookie to the parent domain so the same ticket is accepted
     on both the bare host and the www host.
     NOTE(review): a domain-wide cookie is sent to every subdomain of yoursitename.com, so use
     this only when all subdomains are trusted; redirecting visitors to one canonical host is
     the narrower alternative. Consider adding requireSSL="true" when the site is served
     over HTTPS. -->
<authentication mode="Forms">  
  <forms domain="yoursitename.com" timeout="30" slidingExpiration="true" name="AC7.ASPXAUTH" />
</authentication>

还要在 roleManager 标签和 cookie 标签上设置域。

更多阅读内容:
一些黑客可以从用户那里窃取 cookie 并在网站上使用该名称登录吗?
使用相同登录数据库的多个应用程序相互注销

于 2012-12-10T14:56:25.213 回答