 
        目前正在用.NET Core 2.0 的identity进行权限控制,但现在登录后,不管cookies设置了多长时间,都会在半小时左右就失效,代码如下 :
services.ConfigureApplicationCookie(options =>
 {
 // Cookie settings
 options.Cookie.HttpOnly = false;
 options.Cookie.SameSite = SameSiteMode.None;
 //options.Cookie.Expiration = TimeSpan.FromMinutes(30);//30分钟
 //options.Cookie.Expiration = TimeSpan.FromDays(3);//3天
 options.Cookie.SecurePolicy = CookieSecurePolicy.None;
 options.LoginPath = "/api/user/notlogin"; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
 //options.LogoutPath = "/api/Account/Logout"; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
 //options.AccessDeniedPath = "/Account/AccessDenied"; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
 options.SlidingExpiration = true;
 options.ExpireTimeSpan = TimeSpan.FromDays(3);
 });
先浏览器端看一下cookie的有效期是多少,确定是cookie有效期的问题,还是其他的问题
已经确认过Cookies设置有效期是成功的,
| .AspNetCore.Identity.Application | |
| expires | 2018-05-02T13:41:53.000Z | 
| path | / | 
| value | CfDJ8LSxW-sa9ANBpTdmXJIKGRnxvGiSGIJxRgjpg1Y0pIaWTnUyYxLNJhOOb5nPdOJ9gW2ptxE0wVUPl07qUXhBJpt7HBOKKzKdDWqRxW1dwSf56ukcqBQ6h7s_zYy9bJGyGvjL-ChGhO-4aPldEaLF03GEh4wbVMlLRKTRa3PCVlHbKkJvhkvVxAEUv90BPeTDEq9bcnqUDrhbx6o4MNVY7eCL3I_FKMTXAyHBw5-3DbjdKgpdksDGzr7lz4w1pWDmirrW8g-aV8Iym0ZzNsrkGW7AeJhoes5j1rmmRf9jxGz3DuOMFg7Hbore_prGRVixxlegCd127WRKUeurURtxa-1ltN2CFNe7TEQHIxMu83kxb0r0nFHhwXiAz-7R8_C2g4KXQ8jDH659DNgBhytOSWpVD5EuPEKeqZ-heRsSG9Cj3I2nSqh7aeVbGKseu2bjOFnEeW3NpXsVItq9jlFWlqw | 
登录设置如下:
await _signInManager.SignInAsync(new ApplicationUser() { UserName = username },
 new Microsoft.AspNetCore.Authentication.AuthenticationProperties
 {
 ExpiresUtc = DateTime.UtcNow.AddDays(5)
 });
还需要在登录时进行设置,示例代码如下:
await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
    claimsPrincipal,
    new AuthenticationProperties
    {
        IsPersistent = isPersistent,
        ExpiresUtc = DateTimeOffset.Now.Add(_cookieAuthOptions.ExpireTimeSpan)
    });我用的的.net core 2.0 SignInAsync方法参数和你的不一样
//
 // 摘要:
 // Signs in the specified user.
 //
 // 参数:
 // user:
 // The user to sign-in.
 //
 // authenticationProperties:
 // Properties applied to the login and authentication cookie.
 //
 // authenticationMethod:
 // Name of the method used to authenticate the user.
 //
 // 返回结果:
 // The task object representing the asynchronous operation.
 [AsyncStateMachine(typeof(SignInManager<>.<SignInAsync>d__30))]
 public virtual Task SignInAsync(TUser user, AuthenticationProperties authenticationProperties, string authenticationMethod = null);
 //
 // 摘要:
 // Signs in the specified user.
 //
 // 参数:
 // user:
 // The user to sign-in.
 //
 // isPersistent:
 // Flag indicating whether the sign-in cookie should persist after the browser is
 // closed.
 //
 // authenticationMethod:
 // Name of the method used to authenticate the user.
 //
 // 返回结果:
 // The task object representing the asynchronous operation.
 public virtual Task SignInAsync(TUser user, bool isPersistent, string authenticationMethod = null);
@jobroon: 总之要在 AuthenticationProperties 中设置一下 ExpiresUtc
@dudu: 你也看到我有设置了啊..... 能否远程协助一下,万份感谢!
@jobroon: 你提供的登录代码中没有设置IsPersistent = true,只要浏览器一关闭,Cookies就没了,你设置的过期时间等于没设置。
@dudu: 浏览器倒没有关闭,但是是长时间打开页面没有操作了....