首页 新闻 赞助 找找看

net core 2.0 cookies 丢失问题

0
[待解决问题]

目前正在用.NET Core 2.0 的identity进行权限控制,但现在登录后,不管cookies设置了多长时间,都会在半小时左右就失效,代码如下 :

services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = false;
options.Cookie.SameSite = SameSiteMode.None;
//options.Cookie.Expiration = TimeSpan.FromMinutes(30);//30分钟
//options.Cookie.Expiration = TimeSpan.FromDays(3);//3天
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
options.LoginPath = "/api/user/notlogin"; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
//options.LogoutPath = "/api/Account/Logout"; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
//options.AccessDeniedPath = "/Account/AccessDenied"; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromDays(3);
});

jobroon的主页 jobroon | 初学一级 | 园豆:157
提问于:2018-04-18 19:51
< >
分享
所有回答(2)
0

先浏览器端看一下cookie的有效期是多少,确定是cookie有效期的问题,还是其他的问题

czd890 | 园豆:14292 (专家六级) | 2018-04-18 20:50

已经确认过Cookies设置有效期是成功的,

 

.AspNetCore.Identity.Application  
expires 2018-05-02T13:41:53.000Z
path /
value CfDJ8LSxW-sa9ANBpTdmXJIKGRnxvGiSGIJxRgjpg1Y0pIaWTnUyYxLNJhOOb5nPdOJ9gW2ptxE0wVUPl07qUXhBJpt7HBOKKzKdDWqRxW1dwSf56ukcqBQ6h7s_zYy9bJGyGvjL-ChGhO-4aPldEaLF03GEh4wbVMlLRKTRa3PCVlHbKkJvhkvVxAEUv90BPeTDEq9bcnqUDrhbx6o4MNVY7eCL3I_FKMTXAyHBw5-3DbjdKgpdksDGzr7lz4w1pWDmirrW8g-aV8Iym0ZzNsrkGW7AeJhoes5j1rmmRf9jxGz3DuOMFg7Hbore_prGRVixxlegCd127WRKUeurURtxa-1ltN2CFNe7TEQHIxMu83kxb0r0nFHhwXiAz-7R8_C2g4KXQ8jDH659DNgBhytOSWpVD5EuPEKeqZ-heRsSG9Cj3I2nSqh7aeVbGKseu2bjOFnEeW3NpXsVItq9jlFWlqw

登录设置如下:

await _signInManager.SignInAsync(new ApplicationUser() { UserName = username },
new Microsoft.AspNetCore.Authentication.AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddDays(5)
});

支持(0) 反对(0) jobroon | 园豆:157 (初学一级) | 2018-04-18 21:44
0

还需要在登录时进行设置,示例代码如下:

await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
    claimsPrincipal,
    new AuthenticationProperties
    {
        IsPersistent = isPersistent,
        ExpiresUtc = DateTimeOffset.Now.Add(_cookieAuthOptions.ExpireTimeSpan)
    });
dudu | 园豆:31075 (高人七级) | 2018-04-18 22:08

我用的的.net core 2.0 SignInAsync方法参数和你的不一样

//
// 摘要:
// Signs in the specified user.
//
// 参数:
// user:
// The user to sign-in.
//
// authenticationProperties:
// Properties applied to the login and authentication cookie.
//
// authenticationMethod:
// Name of the method used to authenticate the user.
//
// 返回结果:
// The task object representing the asynchronous operation.
[AsyncStateMachine(typeof(SignInManager<>.<SignInAsync>d__30))]
public virtual Task SignInAsync(TUser user, AuthenticationProperties authenticationProperties, string authenticationMethod = null);
//
// 摘要:
// Signs in the specified user.
//
// 参数:
// user:
// The user to sign-in.
//
// isPersistent:
// Flag indicating whether the sign-in cookie should persist after the browser is
// closed.
//
// authenticationMethod:
// Name of the method used to authenticate the user.
//
// 返回结果:
// The task object representing the asynchronous operation.
public virtual Task SignInAsync(TUser user, bool isPersistent, string authenticationMethod = null);

支持(0) 反对(0) jobroon | 园豆:157 (初学一级) | 2018-04-18 22:39

@jobroon: 总之要在 AuthenticationProperties 中设置一下 ExpiresUtc

支持(0) 反对(0) dudu | 园豆:31075 (高人七级) | 2018-04-18 22:42

@dudu: 你也看到我有设置了啊..... 能否远程协助一下,万份感谢!

支持(0) 反对(0) jobroon | 园豆:157 (初学一级) | 2018-04-18 23:27

@jobroon: 你提供的登录代码中没有设置IsPersistent = true,只要浏览器一关闭,Cookies就没了,你设置的过期时间等于没设置。

支持(0) 反对(0) dudu | 园豆:31075 (高人七级) | 2018-04-19 10:32

@dudu: 浏览器倒没有关闭,但是是长时间打开页面没有操作了....

支持(0) 反对(0) jobroon | 园豆:157 (初学一级) | 2018-04-19 17:32
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册