C#: After logging in to an ASP.NET website and refreshing the page, httpContext.Request doesn't contain the auth cookie
Good evening,

I have a website running on ASP.NET. Login works perfectly well on localhost, but fails in production: if a user logs in and refreshes the page, he is forcibly logged out. After some investigation, I found that this is caused by the auth cookie, which simply does not appear in the cookie list of _httpContext.Request (in the method GetAuthenticatedCustomer(), because the auth cookie is missing, _httpContext.Request.IsAuthenticated is false and the method returns null). However, I can see this cookie in the browser, the domain attribute is set correctly, it has not expired, and even if I set the expiration date manually, nothing changes. Using FormsAuthentication.SetAuthCookie(name, true) doesn't help either.

Here is part of my FormsAuthenticationService code:
public virtual void SignIn(Customer customer, bool createPersistentCookie)
{
    var now = DateTime.UtcNow.ToLocalTime();

    // Build the ticket; the username or email is stored as both the name and the user data.
    var ticket = new FormsAuthenticationTicket(
        1 /*version*/,
        _customerSettings.UsernamesEnabled ? customer.Username : customer.Email,
        now,
        now.Add(_expirationTimeSpan),
        createPersistentCookie,
        _customerSettings.UsernamesEnabled ? customer.Username : customer.Email,
        FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket and place it in the forms authentication cookie.
    var encryptedTicket = FormsAuthentication.Encrypt(ticket);

    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    cookie.HttpOnly = true;
    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }
    // Secure, Path and Domain follow the <forms> element in web.config.
    cookie.Secure = FormsAuthentication.RequireSSL;
    cookie.Path = FormsAuthentication.FormsCookiePath;
    if (FormsAuthentication.CookieDomain != null)
    {
        cookie.Domain = FormsAuthentication.CookieDomain;
    }

    _httpContext.Response.Cookies.Add(cookie);
    _cachedCustomer = customer;
}

public virtual void SignOut()
{
    _cachedCustomer = null;
    FormsAuthentication.SignOut();
}

public virtual Customer GetAuthenticatedCustomer()
{
    if (_cachedCustomer != null)
        return _cachedCustomer;

    // Returns null unless the request carries a forms identity.
    if (_httpContext == null ||
        _httpContext.Request == null ||
        !_httpContext.Request.IsAuthenticated ||
        !(_httpContext.User.Identity is FormsIdentity))
    {
        return null;
    }

    var formsIdentity = (FormsIdentity)_httpContext.User.Identity;
    var customer = GetAuthenticatedCustomerFromTicket(formsIdentity.Ticket);
    // Only active, non-deleted, registered customers count as authenticated.
    if (customer != null && customer.Active && !customer.Deleted && customer.IsRegistered())
    {
        _cachedCustomer = customer;
    }
    return _cachedCustomer;
}

public virtual Customer GetAuthenticatedCustomerFromTicket(FormsAuthenticationTicket ticket)
{
    if (ticket == null)
        throw new ArgumentNullException("ticket");

    // The user data written in SignIn is the username or the email.
    var usernameOrEmail = ticket.UserData;
    if (String.IsNullOrWhiteSpace(usernameOrEmail))
        return null;

    var customer = _customerSettings.UsernamesEnabled
        ? _customerService.GetCustomerByUsername(usernameOrEmail)
        : _customerService.GetCustomerByEmail(usernameOrEmail);
    return customer;
}

The only difference I noticed between localhost and production is that in production the ASP.NET_SessionId cookie is also missing. However, I don't know how important that is.

Part of my web.config:
<authentication mode="Forms">
    <forms name="NOPCOMMERCE.AUTH" loginUrl="~/login" protection="All" timeout="43200" path="/" requireSSL="false" slidingExpiration="true" />
</authentication>

The target framework is 4.5.

Are there multiple servers in production?
@ChetanRanpariya, only one.
What is _expirationTimeSpan? Is a setting missing on the production server?
@Smartis, _expirationTimeSpan = 30.00:00:00.