设置Forms认证的cookie失效时间

时间:2021-01-23 17:14:18

永久性 Cookie 由所有使用同一个 Cookie 存储的应用程序共享,而且用户可以在客户端应用程序中打开文档。创建的永久性 Cookie 具有 30 分钟的默认超时值。通过在 Web.config 文件中的表单节点内添加或更新超时参数,可以更改此值。例如:

<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" timeout="100" />

例:

<authentication mode="Forms">
     <forms loginUrl="~/Default.aspx"
               name=".MetaTagUser"
               defaultUrl="~/Review/Default.aspx"
               timeout="30"
               slidingExpiration="true" />
</authentication>

<membership defaultProvider="MetaTagSqlProvider" userIsOnlineTimeWindow="30">
            <providers>
                <remove name="AspNetSqlProvider" />
                <add name="MetaTagSqlProvider"
                         type="System.Web.Security.SqlMembershipProvider"
                         connectionStringName="DSN_MemberStore"
                         enablePasswordRetrieval="false"
                         enablePasswordReset="true"
                         requiresQuestionAndAnswer="false"
                         passwordFormat="Hashed"
                         minRequiredNonalphanumericCharacters="0"
                         minRequiredPasswordLength="5"
                         applicationName="/MetaTag" />
            </providers>
 </membership>

<roleManager enabled="true"
         cacheRolesInCookie="false"
         cookieName=".MetaTagRoles"
         cookieTimeout="30"
         cookieSlidingExpiration="true"
         cookieProtection="All"
         defaultProvider="MetaTagSqlRoleProvider"
         createPersistentCookie="false"
         maxCachedResults="25">
            <providers>
                <remove name="AspNetSqlRoleProvider"/>
                <add connectionStringName="DSN_MemberStore"
                          applicationName="/MetaTag"
                          name="MetaTagSqlRoleProvider"
                          type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            </providers>
        </roleManager>

 

1. Specifies the amount of time, in integer minutes, after which the cookie expires. The default value is 30. If the SlidingExpiration attribute is true, the timeout attribute is a sliding value, expiring at the specified number of minutes after the time the last request was received. To prevent compromised performance, and to avoid multiple browser warnings for users that have cookie warnings turned on, the cookie is updated when more than half the specified time has elapsed. This might result in a loss of precision. Persistent cookies do not time out.

2. The UserIsOnlineTimeWindow property value is checked during the call to GetNumberOfUsersOnline. If the LastActivityDate for a user is greater than the current date and time minus the UserIsOnlineTimeWindow value in minutes, then the user is considered online. You can determine whether a membership user is considered online with the IsOnline property of the MembershipUser class.

3. The CookieTimeout property is used when the CookieSlidingExpiration property is true and specifies the time-to-live in minutes for the roles cookie. To set the CookieTimeout value, add the cookieTimeout attribute to the roleManager element in the Web.config file for the ASP.NET application and specify an integer value.