ASP.NET: using CookieAuthentication and SessionTimeout
We are currently building an MVC4 application that uses cookie authentication with OWIN, and we have this in our startup class:

public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        ExpireTimeSpan = TimeSpan.FromMinutes(30) // users requested timeout be increased to 30 mins
    });

    //***************************** Specific to our App **************************************************
    // This is required to tell AntiForgeryConfig to use NameIdentifier as a unique key to validate against
    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}

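Another developer working on this project wants to store a value in the session, but while debugging we noticed that the session timeout is set to 20 minutes. Can we synchronize them so that they have the same value? Or should we not mix the two?

Your session timeout is handled in Web.config, while the OWIN cookie timeout is handled by the library, as you stated in your example.

Your session timeout is set in web.config as follows:
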
<system.web>
    <sessionState timeout="60" />
</system.web>

using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

public class RedirectingActionAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var session = HttpContext.Current.Session["SessionVar"];

        // Redirects user to login screen if session has timed out
        if (session == null)
        {
            base.OnActionExecuting(filterContext);
            filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new
            {
                controller = "Home",
                action = "Index"
            }));
        }
    }
}

The method above is called whenever a controller in scope that carries the following action attribute is invoked:

[RedirectingAction]
public class HomeController : Controller
{
    // Controller code
}
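
One way to keep the two timeouts in step, as an added example that is not part of the original question or answer: read the sessionState timeout from web.config and use it for the cookie's ExpireTimeSpan, so the value is configured in one place. The partial Startup class shape and the idleTimeout variable name are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Web.Configuration;
using System.Web.Helpers;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Assumed class shape; only ConfigureAuth appears in the question.
public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Read <sessionState timeout="..."/> so web.config is the single source of truth.
        var sessionState = (SessionStateSection)WebConfigurationManager
            .GetSection("system.web/sessionState");

        // SessionStateSection.Timeout is a TimeSpan; it is 20 minutes when the
        // timeout attribute is not set in web.config.
        TimeSpan idleTimeout = sessionState.Timeout;

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = idleTimeout,
            // Session timeout is an idle timeout, so the cookie must slide as well.
            // The middleware re-issues the cookie only after more than half of
            // ExpireTimeSpan has elapsed, so the two lifetimes can still differ
            // by up to half a window.
            SlidingExpiration = true
        });

        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
    }
}
```

Because the session resets on every request and the cookie does not, a filter such as RedirectingActionAttribute above is still needed for requests where the cookie is valid but the session has already expired.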