我正在使用 ASP.Net 身份验证来控制我的应用程序授权,我需要在指定的不活动分钟后终止用户会话,我尝试通过执行以下方法来实现这一点
public void ConfigureAuth(IAppBuilder app) {
app.CreatePerOwinContext<UserStore>(() => new UserStore());
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/login"),
LogoutPath = new PathString("/logout"),
CookieDomain = ConfigurationManager.AppSettings["CookieDomain"],
Provider = new CookieAuthenticationProvider {
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(2),
regenerateIdentity: (manager, user) => manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie)
)
},
SlidingExpiration = true,
});
}
我也尝试过这种方法
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/login"),
LogoutPath = new PathString("/logout"),
CookieDomain = ConfigurationManager.AppSettings["CookieDomain"],
ExpireTimeSpan = TimeSpan.FromMinutes(2),
SlidingExpiration = true,
});
无论用户是否在站点中处于活动状态,使用这些 aproches 用户 cookie 会话都会在 2 分钟后过期。我在文档中读到,通过设置 SlidingExpiration = true
cookie 将在 ExpireTimeSpan 中途的任何请求上重新发出。例如,如果用户登录并在 16 分钟后发出第二个请求,则 cookie 将在 30 分钟后重新发出。如果用户登录并在 31 分钟后发出第二次请求,则会提示用户登录。
我不知道为什么它不起作用,有什么想法吗?