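I'm currently using .NET Core 2.0 Identity for access control, but after signing in, no matter how long the cookie lifetime is set to, the login becomes invalid after about half an hour. The code is as follows: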
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = false;
options.Cookie.SameSite = SameSiteMode.None;
//options.Cookie.Expiration = TimeSpan.FromMinutes(30); // 30 minutes
//options.Cookie.Expiration = TimeSpan.FromDays(3); // 3 days
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
options.LoginPath = "/api/user/notlogin"; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
//options.LogoutPath = "/api/Account/Logout"; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
//options.AccessDeniedPath = "/Account/AccessDenied"; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromDays(3);
});
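First check in the browser what the cookie's expiry is, to determine whether this is a cookie-expiry problem or some other problem.
I have already confirmed that the cookie expiry is set successfully: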
.AspNetCore.Identity.Application | |
expires | 2018-05-02T13:41:53.000Z |
path | / |
value | CfDJ8LSxW-sa9ANBpTdmXJIKGRnxvGiSGIJxRgjpg1Y0pIaWTnUyYxLNJhOOb5nPdOJ9gW2ptxE0wVUPl07qUXhBJpt7HBOKKzKdDWqRxW1dwSf56ukcqBQ6h7s_zYy9bJGyGvjL-ChGhO-4aPldEaLF03GEh4wbVMlLRKTRa3PCVlHbKkJvhkvVxAEUv90BPeTDEq9bcnqUDrhbx6o4MNVY7eCL3I_FKMTXAyHBw5-3DbjdKgpdksDGzr7lz4w1pWDmirrW8g-aV8Iym0ZzNsrkGW7AeJhoes5j1rmmRf9jxGz3DuOMFg7Hbore_prGRVixxlegCd127WRKUeurURtxa-1ltN2CFNe7TEQHIxMu83kxb0r0nFHhwXiAz-7R8_C2g4KXQ8jDH659DNgBhytOSWpVD5EuPEKeqZ-heRsSG9Cj3I2nSqh7aeVbGKseu2bjOFnEeW3NpXsVItq9jlFWlqw |
The sign-in settings are as follows:
await _signInManager.SignInAsync(new ApplicationUser() { UserName = username },
new Microsoft.AspNetCore.Authentication.AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddDays(5)
});
You also need to set it at sign-in time; sample code follows:
await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
claimsPrincipal,
new AuthenticationProperties
{
IsPersistent = isPersistent,
ExpiresUtc = DateTimeOffset.Now.Add(_cookieAuthOptions.ExpireTimeSpan)
});
The parameters of the SignInAsync method in the .NET Core 2.0 I'm using are different from yours:
//
// Summary:
// Signs in the specified user.
//
// Parameters:
// user:
// The user to sign-in.
//
// authenticationProperties:
// Properties applied to the login and authentication cookie.
//
// authenticationMethod:
// Name of the method used to authenticate the user.
//
// Returns:
// The task object representing the asynchronous operation.
[AsyncStateMachine(typeof(SignInManager<>.<SignInAsync>d__30))]
public virtual Task SignInAsync(TUser user, AuthenticationProperties authenticationProperties, string authenticationMethod = null);
//
// Summary:
// Signs in the specified user.
//
// Parameters:
// user:
// The user to sign-in.
//
// isPersistent:
// Flag indicating whether the sign-in cookie should persist after the browser is
// closed.
//
// authenticationMethod:
// Name of the method used to authenticate the user.
//
// Returns:
// The task object representing the asynchronous operation.
public virtual Task SignInAsync(TUser user, bool isPersistent, string authenticationMethod = null);
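@jobroon: In short, you need to set ExpiresUtc in AuthenticationProperties.
@dudu: As you can see, I did set it..... Could you help me remotely? Many thanks!
@jobroon: The sign-in code you provided does not set IsPersistent = true; as soon as the browser is closed the cookies are gone, so the expiry time you set is as good as not set.
@dudu: The browser wasn't closed, but the page was left open for a long time with no activity....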
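
The two settings discussed in the replies (IsPersistent and ExpiresUtc), applied to the SignInManager overload quoted in the thread, as an added example that is not code from any participant. The controller name, route and the ApplicationUser stand-in are assumptions. The example also loads the user from the store rather than constructing a new one, a point not raised in the thread: Identity's security stamp validator re-checks the cookie's user against the store at an interval (SecurityStampValidatorOptions.ValidationInterval) that defaults to 30 minutes, and rejects the cookie when no stored user matches.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Stand-in for the thread's ApplicationUser (assumed to derive from IdentityUser).
public class ApplicationUser : IdentityUser { }

[Route("api/user")]
public class LoginController : Controller // hypothetical controller name
{
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly SignInManager<ApplicationUser> _signInManager;

    public LoginController(UserManager<ApplicationUser> userManager,
                           SignInManager<ApplicationUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [HttpPost("login")] // hypothetical route
    public async Task<IActionResult> Login(string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return BadRequest();

        // Use the stored user, not new ApplicationUser { UserName = username }:
        // a freshly constructed user has an Id that is not in the store, so the
        // periodic security stamp validation cannot find it and signs the user out.
        var user = await _userManager.FindByNameAsync(username);
        if (user == null)
            return Unauthorized();

        // Same response for "no such user" and "wrong password".
        var check = await _signInManager.CheckPasswordSignInAsync(
            user, password, lockoutOnFailure: true);
        if (!check.Succeeded)
            return Unauthorized();

        await _signInManager.SignInAsync(user, new AuthenticationProperties
        {
            IsPersistent = true,                            // cookie survives browser close
            IssuedUtc = DateTimeOffset.UtcNow,
            ExpiresUtc = DateTimeOffset.UtcNow.AddDays(3),  // matches ExpireTimeSpan above
            AllowRefresh = true                             // lets SlidingExpiration renew it
        });
        return Ok();
    }
}
```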