
无论我把 ExpireTimeSpan 设为 30 分钟还是 30 天,结果都一样:不管使用什么值,用户都会在大约 30 分钟后被重定向到登录页面。

这是我在 Startup.Auth.cs 中配置它的方式:

// Security-stamp validation hook: the callback re-checks the user's security stamp
// (it changes on events such as a password change or adding an external login)
// and rebuilds the identity through GenerateUserIdentityAsync.
// NOTE(review): validateInterval (24 h) is longer than ExpireTimeSpan (12 h) below.
// The interval is presumably measured from the ticket's issue time, so the stamp
// check may rarely or never run within one ticket's lifetime, which would delay
// session revocation after a credential change. Confirm, and consider a shorter interval.
var identityProvider = new CookieAuthenticationProvider {
    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<AppUserMgr, AppUser>(
        validateInterval: TimeSpan.FromHours(24),
        regenerateIdentity: (mgr, appUser) => appUser.GenerateUserIdentityAsync(mgr))
};

// Application sign-in cookie settings.
var cookieOptions = new CookieAuthenticationOptions {
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
    CookieName = "example_auth",
    LoginPath = new PathString("/dash/account/login"),
    LogoutPath = new PathString("/dash/account/logout"),
    ExpireTimeSpan = TimeSpan.FromHours(12),
    // HttpOnly keeps the cookie out of reach of page script.
    CookieHttpOnly = true,
    CookieSameSite = SameSiteMode.Lax,
    // SameAsRequest marks the cookie Secure only when the issuing request was HTTPS,
    // so a sign-in served over plain HTTP yields a cookie without the Secure attribute.
    // NOTE(review): if the site is HTTPS-only, CookieSecureOption.Always is the safer setting.
    CookieSecure = CookieSecureOption.SameAsRequest,
    // Cookie writes and deletes go through the SameSite wrapper, which delegates to System.Web.
    CookieManager = new SameSiteCookieManager(new SystemWebCookieManager()),
    Provider = identityProvider
};

app.UseCookieAuthentication(cookieOptions);

我怀疑问题出在这个 CookieManager 上:

/// <summary>
/// Cookie manager decorator that forwards every operation to an inner
/// <see cref="ICookieManager"/>, first clearing <c>SameSite=None</c> from the
/// cookie options when the requesting browser is reported as not accepting it.
/// </summary>
/// <remarks>
/// The adjustment only applies when the options carry <c>SameSiteMode.None</c>;
/// any other value (for example <c>Lax</c>) passes through untouched.
/// The browser decision is based on the User-Agent request header, which is
/// supplied by the client and therefore not trustworthy; here it only selects
/// whether the SameSite attribute is omitted from a cookie that asked for None.
/// </remarks>
public class SameSiteCookieManager : ICookieManager {
    // Manager that performs the real cookie reads and writes.
    private readonly ICookieManager _inner;

    /// <summary>Creates a manager that wraps a default <see cref="CookieManager"/>.</summary>
    public SameSiteCookieManager() : this(new CookieManager()) { }

    /// <summary>Creates a manager that wraps <paramref name="innerManager"/>.</summary>
    /// <param name="innerManager">Manager that receives every forwarded call.</param>
    public SameSiteCookieManager(ICookieManager innerManager) {
        // NOTE(review): no null check here; a null inner manager only fails on first use.
        _inner = innerManager;
    }

    /// <summary>Reads a request cookie through the inner manager, unchanged.</summary>
    public string GetRequestCookie(IOwinContext context, string key) {
        var cookieValue = _inner.GetRequestCookie(context, key);
        return cookieValue;
    }

    /// <summary>Adjusts SameSite if needed, then appends the cookie via the inner manager.</summary>
    public void AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options) {
        DropUnsupportedSameSiteNone(context, options);
        _inner.AppendResponseCookie(context, key, value, options);
    }

    /// <summary>Adjusts SameSite if needed, then deletes the cookie via the inner manager.</summary>
    public void DeleteCookie(IOwinContext context, string key, CookieOptions options) {
        DropUnsupportedSameSiteNone(context, options);
        _inner.DeleteCookie(context, key, options);
    }

    // Clears options.SameSite (mutating the caller's instance) when None was requested
    // and BrowserDetection reports, from the User-Agent header, that the browser
    // disallows SameSite=None. The header is only read when None was requested.
    private void DropUnsupportedSameSiteNone(IOwinContext context, CookieOptions options) {
        if (options.SameSite != SameSiteMode.None) {
            return;
        }

        var userAgent = context.Request.Headers["User-Agent"];
        if (BrowserDetection.DisallowsSameSiteNone(userAgent)) {
            options.SameSite = null;
        }
    }
}

更新:我发现甚至可以把它缩短到 2 分钟,这时设置会生效;但如果把它延长到 120 分钟,设置就不起作用了,cookie 仍会在将近 30 分钟后过期。
