0

在表单身份验证票被更新并且旧票已过期后,我遇到了用户被踢出的问题。我登录时得到的第一张票是:

门票:A094D6F0401A5B6D97688198B09F17B03D209............结束:2013 年 3 月 28 日星期四 08:56:33 GMT

一段时间后,票被更新,我得到了这个 cookie:(当票过期时,cookie 过期,所以没有问题)

票务:215373E662852AD0CC540AC27F547787......结束:2013 年 3 月 28 日星期四 08:58:17 GMT

此票证由后台的 javascript 重新加载器为用户更新。现在,如果我更新页面,我将被踢出,为什么?当我更新票时,我使用这个:

        var Id = (FormsIdentity)HttpContext.Current.User.Identity;
        var Ticket = Id.Ticket;

        var NewAuthTicket = FormsAuthentication.RenewTicketIfOld(Ticket);

        HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(new FormsIdentity(NewAuthTicket), new[] {""});

        if (NewAuthTicket != null && NewAuthTicket.Expiration > Ticket.Expiration)
        {
            // Create the (encrypted) cookie.
            var ObjCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(NewAuthTicket))
                                {
                                    HttpOnly = true,
                                    Expires = NewAuthTicket.Expiration,
                                    Secure = FormsAuthentication.RequireSSL
                                };
            // Add the cookie to the list for outbound response. 
            HttpContext.Current.Response.Cookies.Add(ObjCookie);
            Ticket = NewAuthTicket;
         }

有什么解决办法吗?

更新:

当我第一次设置 cookie 时,我使用这个:

var ExpiryDate = !rememberMe ? DateTime.Now.AddMinutes(cookieTimeoutHour) : DateTime.Now.AddYears(1);

                //create a new forms auth ticket
                var Ticket = new FormsAuthenticationTicket(2, ui.UserNr.ToString(CultureInfo.InvariantCulture), DateTime.Now, ExpiryDate, true, String.Empty);
                //encrypt the ticket
                var EncryptedTicket = FormsAuthentication.Encrypt(Ticket);
                //create a new authentication cookie - and set its expiration date
                var AuthenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, EncryptedTicket)
                                               {
                                                   Expires = Ticket.Expiration,
                                                   HttpOnly = true,
                                                   Secure = FormsAuthentication.RequireSSL
                                               };


                Current.Response.Cookies.Add(AuthenticationCookie);
4

1 回答 1

0

当客户端页面上的简单保持活动将使表单身份验证cookie保持活动状态时,为什么要付出所有努力呢?

jQuery 示例:

$(function() {
    window.setInterval(keepalive, 600000); // run keepalive every 10 mins
});

function keepalive()
{
   $.get({url:'/myemptykeepalivepage.aspx',cache:false});
}

当客户端关闭浏览器时,间隔功能被取消,瞧,表单身份验证票将自然过期。

于 2013-03-28T09:26:48.400 回答