Jquery ASP.NET Identity 2.0防止身份验证cookie过期
我正在开发一个应用程序(ASP.NET MVC 5),其中我希望防止特定页面上的auth cookie过期(这是一个巨大的表单,需要一些时间才能完全填写)。我得到的是: Startup.cs中的ASP.NET标识配置Jquery ASP.NET Identity 2.0防止身份验证cookie过期,jquery,asp.net,asp.net-mvc,cookies,asp.net-identity,Jquery,Asp.net,Asp.net Mvc,Cookies,Asp.net Identity,我正在开发一个应用程序(ASP.NET MVC 5),其中我希望防止特定页面上的auth cookie过期(这是一个巨大的表单,需要一些时间才能完全填写)。我得到的是: Startup.cs中的ASP.NET标识配置 app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, Logi
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, Guid>(
validateInterval: TimeSpan.FromMinutes(15),
regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
getUserIdCallback: (id) => Guid.Parse(id.GetUserId()))
},
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(30)
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, Guid>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
getUserIdCallback: (id) => Guid.Parse(id.GetUserId()))
}
});
jQuery在特定页面上实现方法,每10分钟向服务器发送一次帖子
(function ($) {
function keepSessionAlive() {
$.post("/Resources/KeepSessionAlive");
}
// 10 minutes
setInterval(keepSessionAlive, 60 * 1000 * 10);
})(jQuery);
KeepSessionAlive在控制器中实现
AuthenticationManager.SignIn(new AuthenticationProperties()
{
AllowRefresh = true,
IsPersistent = isPersistent,
ExpiresUtc = TimeSpan.FromMinutes(30)
}, identity);
//
// POST: /Resources/KeepSessionAlive/
[HttpPost]
public JsonResult KeepSessionAlive()
{
if (HttpContext.Session != null)
HttpContext.Session["KeepSessionAlive"] = DateTime.Now;
return Json($"Last refresh {DateTime.Now.ToString("O")}");
}
问题:
当我导航到特定页面时,我可以看到以下post请求:
我发现cookie在15分钟后过期,这等于
validateInterval:TimeSpan.FromMinutes(15)
,但我认为它不会影响cookie过期,因为这是一种安全功能,当您更改密码或向帐户添加外部登录时使用它我不理解它,但当我将CookieAuthenticationOptions.ExpireTimeSpan
和AuthenticationProperties.ExpiresUtc
设置到相同的值(30分钟),开始工作
最终的源代码:
Startup.cs
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, Guid>(
validateInterval: TimeSpan.FromMinutes(15),
regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
getUserIdCallback: (id) => Guid.Parse(id.GetUserId()))
},
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(30)
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, Guid>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
getUserIdCallback: (id) => Guid.Parse(id.GetUserId()))
}
});
jQuery
function keepSessionAlive() {
$.ajax({
type: "POST",
cache: false,
url: "/Resources/KeepSessionAlive",
success: function (result) {
console.debug("keepSessionAlive response [" + result + "]");
window.setTimeout(keepSessionAlive, 60 * 1000 * 15); // 15 minutes
}
});
}
keepSessionAlive();
我有一个类似的问题,我的.aspnet.applicationcookie没有刷新它的过期时间,但是将SlidingExpiration CookieAuthenticationOptions设置为true为我解决了这个问题。