c# - FormsAuthenticationTicket.expiration v web.config 值超时

Question

这是一个 MVC2 网站，我在使用 FormsAuthentication 票证时遇到问题。用户超时 30 分钟后无法重新登录。在测试期间，DateTime.Now.AddMinutes(30) 值设置为 5000 并且一切正常，但现在已更改为 30，这就是问题开始的时间

从 cookie 创建

 FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,
            user.UserID,
            DateTime.Now,
            DateTime.Now.AddMinutes(30),
            false,
            "user,user1",
            FormsAuthentication.FormsCookiePath);

Web.config 文件

<authentication mode="Forms">
  <forms loginUrl="~/Account.mvc/LogOn" timeout="2880" name=".ASPXFORMSAUTH" />
</authentication>

ticket创建中的过期值是否需要>= web.config值？

Answer 1

因为您是手动创建身份验证 cookie，所以您的 web.config 中的超时值将被完全忽略。所以我建议你有相同的值(value):

var ticket = new FormsAuthenticationTicket(
    1,
    user.UserID,
    DateTime.Now,
    DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes),
    false,
    "user,user1",
    FormsAuthentication.FormsCookiePath
);
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
    HttpOnly = true,
    Secure = FormsAuthentication.RequireSSL,
    Path = FormsAuthentication.FormsCookiePath,
    Domain = FormsAuthentication.CookieDomain
};
Response.AppendCookie(cookie);