0

我有一个我创建的 cookie:

   FormsAuthentication.SetAuthCookie(e.EmployeID.ToString(), true);

有了这个,我希望在我明确退出之前保持登录状态,但在 30 分钟左右后,我必须重新登录。

这是我的身份验证课程:

    public static class Authorization
    {
        public static bool Login(string username, string password, bool persist)
        {
            Employee e = ResourceManager.GetEmployeeByEmail(username);

            if (e == null || !ResourceManager.VerifyEmployeePassword(e.EmployeID, password))
            {
                return false;
            }

            FormsAuthentication.SetAuthCookie(e.EmployeID.ToString(), persist);
            return true;
        }

        public static void Logout()
        {
            FormsAuthentication.SignOut();
        }

        public static string GetUserId()
        {
            return HttpContext.Current.User.Identity.Name;
        }

        public static string GetUsername()
        {
            return GetEmployee().EmployeEmail;
        }

        public static bool IsAuthenticated()
        {
            return HttpContext.Current.User.Identity.IsAuthenticated;
        }

        public static Employee GetEmployee()
        {
            int id = 0;
            int.TryParse(GetUserId(), out id);
            return ResourceManager.GetEmployee(id);
        }

        public static bool IsAdministrator()
        {
            if (!IsAuthenticated())
            {
                return false;
            }

            Employee e = GetEmployee();

            if (e != null)
            {
                return SecurityManager.IsEmployeeAdmin((e.EmployeID));
            }

            return false;
        }
    }
}

有什么问题吗?

I have this in my web config:
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
      </assemblies>
    </compilation>
    <authentication mode="Forms" />
    <webServices>
      <protocols>
        <add name="HttpGet" />
        <add name="HttpPost" />
      </protocols>
    </webServices>
4

1 回答 1

2

除非另有说明,否则auth cookie 的默认超时值为 30 分钟。

由于您声称在 30 分钟后退出,因此建议我您没有另行指定。

为此,您必须在 web.config 文件timeout中设置元素的属性。<form />

例如: -

<authentication mode="Forms">
  <forms loginUrl="~/login.aspx" timeout="2880" />
</authentication>
于 2013-04-26T15:41:17.870 回答