C#: httpContext.Request doesn't contain the auth cookie after logging in to an ASP.NET website and refreshing the page

Tags: c#, asp.net, cookies, forms-authentication, production

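Good evening,

I have a website running on ASP.NET. Login works perfectly on localhost but fails in production: if a user logs in and refreshes the page, he is forcibly logged out. After some investigation, I found that this is caused by the auth cookie, which simply does not appear in the list of cookies in _httpContext.Request (in the method GetAuthenticatedCustomer(), because the auth cookie is missing, _httpContext.Request.IsAuthenticated is false and the method returns null). However, I can see this cookie in the browser, the domain attribute is set correctly, it has not expired, and even if I set the expiration date manually, nothing changes. Using FormsAuthentication.SetAuthCookie(name, true) didn't help either.

Here is part of my FormsAuthenticationService code: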

    public virtual void SignIn(Customer customer, bool createPersistentCookie)
    {
        var now = DateTime.UtcNow.ToLocalTime();

        var ticket = new FormsAuthenticationTicket(
            1 /*version*/,
            _customerSettings.UsernamesEnabled ? customer.Username : customer.Email,
            now,
            now.Add(_expirationTimeSpan),
            createPersistentCookie,
            _customerSettings.UsernamesEnabled ? customer.Username : customer.Email,
            FormsAuthentication.FormsCookiePath);

        var encryptedTicket = FormsAuthentication.Encrypt(ticket);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        cookie.HttpOnly = true;
        if (ticket.IsPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        if (FormsAuthentication.CookieDomain != null)
        {
            cookie.Domain = FormsAuthentication.CookieDomain;
        }

        _httpContext.Response.Cookies.Add(cookie);
        _cachedCustomer = customer;
    }

    public virtual void SignOut()
    {
        _cachedCustomer = null;
        FormsAuthentication.SignOut();
    }

    public virtual Customer GetAuthenticatedCustomer()
    {
        if (_cachedCustomer != null)
            return _cachedCustomer;

        if (_httpContext == null ||
            _httpContext.Request == null ||
            !_httpContext.Request.IsAuthenticated ||
            !(_httpContext.User.Identity is FormsIdentity))
        {
            return null;
        }

        var formsIdentity = (FormsIdentity)_httpContext.User.Identity;
        var customer = GetAuthenticatedCustomerFromTicket(formsIdentity.Ticket);
        if (customer != null && customer.Active && !customer.Deleted && customer.IsRegistered())
        {
            _cachedCustomer = customer;
        }

        return _cachedCustomer;
    }

    public virtual Customer GetAuthenticatedCustomerFromTicket(FormsAuthenticationTicket ticket)
    {
        if (ticket == null)
            throw new ArgumentNullException("ticket");

        var usernameOrEmail = ticket.UserData;

        if (String.IsNullOrWhiteSpace(usernameOrEmail))
            return null;
        var customer = _customerSettings.UsernamesEnabled
            ? _customerService.GetCustomerByUsername(usernameOrEmail)
            : _customerService.GetCustomerByEmail(usernameOrEmail);
        return customer;
    }

The only difference I noticed between localhost and production is that in production the ASP.NET_SessionId cookie is also missing. However, I don't know how important that is.

Part of my web.config:

<authentication mode="Forms">
  <forms name="NOPCOMMERCE.AUTH" loginUrl="~/login" protection="All" timeout="43200" path="/" requireSSL="false" slidingExpiration="true" />
</authentication>


The target framework is 4.5.

Are there multiple servers in production?

@ChetanRanpariya, only one.

What is _expirationTimeSpan? Is a setting missing on the production server?

@Smartis, _expirationTimeSpan = 30.00:00:00.
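
One way to narrow down the symptom described in the question, as an added example that is not part of the original post: classify a request by checking the raw Cookie header and then the ticket, which separates "the browser never sent the auth cookie" from "the cookie arrived but the server rejected it". The names AuthCookieState, AuthCookieDiagnostics and the sample header values are hypothetical and constructed for illustration; the decrypt delegate is assumed to wrap FormsAuthentication.Decrypt in the real site.

```csharp
using System;
// Added diagnostic sketch; type and method names here are hypothetical.
public enum AuthCookieState { NotSent, SentButRejected, SentAndValid }

public static class AuthCookieDiagnostics
{
    // Returns the value of cookieName from a raw "Cookie:" header, or null if absent.
    public static string FindCookie(string rawCookieHeader, string cookieName)
    {
        if (string.IsNullOrEmpty(rawCookieHeader)) return null;
        foreach (var pair in rawCookieHeader.Split(';'))
        {
            var idx = pair.IndexOf('=');
            if (idx <= 0) continue;
            var name = pair.Substring(0, idx).Trim();
            if (string.Equals(name, cookieName, StringComparison.Ordinal))
                return pair.Substring(idx + 1).Trim();
        }
        return null;
    }

    // tryDecrypt returns true when the ticket decrypts and has not expired.
    // In the site it would wrap FormsAuthentication.Decrypt, e.g.
    //   v => { var t = FormsAuthentication.Decrypt(v); return t != null && !t.Expired; }
    public static AuthCookieState Classify(string rawCookieHeader, string cookieName,
                                           Func<string, bool> tryDecrypt)
    {
        var value = FindCookie(rawCookieHeader, cookieName);
        if (value == null) return AuthCookieState.NotSent;
        bool ok;
        try { ok = tryDecrypt(value); }
        catch (Exception) { ok = false; } // treat a decryption or validation error as rejected
        return ok ? AuthCookieState.SentAndValid : AuthCookieState.SentButRejected;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed headers and stand-in decryptor so the example runs as a console app.
        // Log only the resulting state, never the ticket value itself.
        Func<string, bool> stub = v => v == "VALID-TICKET";
        const string name = "NOPCOMMERCE.AUTH"; // forms name from the web.config above
        Console.WriteLine(AuthCookieDiagnostics.Classify("ASP.NET_SessionId=abc", name, stub));
        Console.WriteLine(AuthCookieDiagnostics.Classify("a=1; NOPCOMMERCE.AUTH=0BAD", name, stub));
        Console.WriteLine(AuthCookieDiagnostics.Classify("NOPCOMMERCE.AUTH=VALID-TICKET", name, stub));
    }
}
```

In the site, pass Request.Headers["Cookie"] from Application_BeginRequest, which runs before the forms authentication module handles the request.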