I am developing an application (ASP.NET MVC 5) in which I want to prevent the auth cookie from expiring on a particular page (it is a huge form that takes some time to fill in completely). What I have is:
ASP.NET Identity configuration in Startup.cs
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, Guid>(
            validateInterval: TimeSpan.FromMinutes(15),
            regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
            getUserIdCallback: (id) => Guid.Parse(id.GetUserId()))
    },
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromMinutes(30)
});
SignIn method implementation in the controller
AuthenticationManager.SignIn(new AuthenticationProperties()
{
    AllowRefresh = true,
    IsPersistent = isPersistent,
    // ExpiresUtc is a DateTimeOffset?, so it takes an absolute UTC instant rather than a TimeSpan
    ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30)
}, identity);
jQuery implementation on the particular page, which posts to the server every 10 minutes.
(function ($) {
    function keepSessionAlive() {
        $.post("/Resources/KeepSessionAlive");
    }
    // 10 minutes
    setInterval(keepSessionAlive, 60 * 1000 * 10);
})(jQuery);
KeepSessionAlive implementation in the controller
//
// POST: /Resources/KeepSessionAlive/
[HttpPost]
public JsonResult KeepSessionAlive()
{
    if (HttpContext.Session != null)
        HttpContext.Session["KeepSessionAlive"] = DateTime.Now;
    return Json($"Last refresh {DateTime.Now.ToString("O")}");
}
Problem: when I navigate to the particular page, I can see the following POST requests:
- /Resources/KeepSessionAlive - 200 OK
- /Resources/KeepSessionAlive - 200 OK
- /Resources/KeepSessionAlive - 401 Unauthorized
But after 30 minutes I get 401 Unauthorized. What am I doing wrong?
Btw. What is the difference between CookieAuthenticationOptions.ExpireTimeSpan and AuthenticationProperties.ExpiresUtc? Must they be the same? How does it behave if I set them to different values? Thanks for the clarification.
//EDIT:
I found that the cookie expires after 15 minutes, which equals validateInterval: TimeSpan.FromMinutes(15), but I thought it does not affect cookie expiration, because this is a security feature which is used when you change a password or add an external login to your account.
I don't understand it, but when I set CookieAuthenticationOptions.ExpireTimeSpan and AuthenticationProperties.ExpiresUtc to the same value (30 minutes), it started working.
Final source code:
Startup.cs
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromMinutes(30),
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, Guid>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
            getUserIdCallback: (id) => Guid.Parse(id.GetUserId()))
    }
});
SignIn
AuthenticationManager.SignIn(new AuthenticationProperties()
{
    IsPersistent = isPersistent
}, identity);
jQuery
function keepSessionAlive() {
    $.ajax({
        type: "POST",
        cache: false,
        url: "/Resources/KeepSessionAlive",
        success: function (result) {
            console.debug("keepSessionAlive response [" + result + "]");
            window.setTimeout(keepSessionAlive, 60 * 1000 * 15); // 15 minutes
        }
    });
}
keepSessionAlive();
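As an added illustration (not code from the question or from ASP.NET Identity), the following Python model shows how a keep-alive interval, ExpireTimeSpan and validateInterval interact: the renewal rule (re-issue once the remaining lifetime is shorter than the elapsed lifetime) follows Katana's CookieAuthenticationHandler, while the Ticket class, the stamp values and the sign-in time are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
@dataclass(frozen=True)
class Ticket:
    issued: datetime
    expires: datetime
    stamp: str  # security stamp captured when the ticket was issued

class CookieAuthModel:
    """Model (an assumption, not Katana's code) of the OWIN cookie handler with SlidingExpiration plus Identity's SecurityStampValidator."""
    def __init__(self, expire_span: timedelta, validate_interval: timedelta):
        self.expire_span = expire_span              # CookieAuthenticationOptions.ExpireTimeSpan
        self.validate_interval = validate_interval  # SecurityStampValidator validateInterval

    def sign_in(self, now: datetime, stamp: str) -> Ticket:
        return Ticket(now, now + self.expire_span, stamp)  # no explicit ExpiresUtc: issued + ExpireTimeSpan

    def authenticate(self, ticket: Ticket, now: datetime, current_stamp: str) -> Optional[Ticket]:
        """Return the (possibly re-issued) ticket, or None when the request gets a 401."""
        if now > ticket.expires:
            return None  # lifetime is over
        elapsed = now - ticket.issued
        if elapsed > self.validate_interval:
            # Stamp re-check: a password change or new external login changed the stamp,
            # so keep-alive traffic cannot save this session once validateInterval has passed.
            if ticket.stamp != current_stamp:
                return None
            return Ticket(now, now + self.expire_span, current_stamp)  # regenerated identity
        if ticket.expires - now < elapsed:
            # Sliding renewal happens only once more than half of the window has elapsed
            return Ticket(now, now + (ticket.expires - ticket.issued), ticket.stamp)
        return ticket

def simulate(ping_every: int, expire: int, validate: int, total: int, stamp_change_at: Optional[int] = None) -> list:
    """Keep-alive POST every `ping_every` minutes; returns [(minute, 'OK' | '401'), ...]."""
    model = CookieAuthModel(timedelta(minutes=expire), timedelta(minutes=validate))
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sign-in time
    ticket, results = model.sign_in(t0, "stamp-v1"), []
    for minute in range(ping_every, total + 1, ping_every):
        changed = stamp_change_at is not None and minute >= stamp_change_at
        ticket = model.authenticate(ticket, t0 + timedelta(minutes=minute), "stamp-v2" if changed else "stamp-v1")
        results.append((minute, "OK" if ticket else "401"))
        if ticket is None:
            break
    return results

if __name__ == "__main__":
    print(simulate(10, 30, 15, 60))                      # pings every 10 min keep a 30 min cookie alive
    print(simulate(10, 30, 15, 60, stamp_change_at=12))  # stamp changed at minute 12 -> 401 at the 20 min ping
```

In this model a ping interval of exactly half the window (15 minutes for a 30-minute cookie) sits on the boundary of the strict comparison, so whether the cookie is renewed then depends on request latency; an interval well under half the window is the robust choice, and a changed security stamp still ends the session at the first ping after validateInterval regardless of keep-alive traffic.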