All geek questions in one place

How to disconnect user in asp.net formsAuthentication

I am wondering how to set a timeout for a user if they do not perform any requests after they say 10 minutes that the session has been killed and they are logged out.

I have in my webconfig this

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn"
                   protection="All"
                   timeout="20160"
                   path="/"
                   requireSSL="false"
                   slidingExpiration="false"
                   defaultUrl="default.aspx"
                   cookieless="UseDeviceProfile"
                   enableCrossAppRedirects="false" />
</authentication>

I was told to set the timeout to "20160" because I wanted to log in for 2 weeks if they checked "stay in the system for 2 weeks." I also don't forget to include IsPersistent in my cookie cookie.

So, is there another timeout I need to set? Since after some time of inactivity on my site it no longer works. I did not schedule it, but I will say that if I leave and return 10 minutes later and try to do something on my site, how to save money, then this will not work. So it looks like my connection was killed or something like that. I need to check out, log in, and then work

Edit

This is how I make my cookie

 FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(version,userName,DateTime.UtcNow,DateTime.UtcNow.AddDays(14),createPersistentCookie,userData,"/");
            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
            authCookie.Path = "/";
            if (createPersistentCookie == true)
            {
                authCookie.Expires = DateTime.UtcNow.AddDays(14);
            }
            HttpContext.Current.Response.Cookies.Add(authCookie);

When I set the session state in my webconfig, my url has this in it

(S(gkvkze55zfzzee45wj34byee))

I most likely do not have this nasty line in my code.

+3
source share
3 answers

, , cookie, web.config, .

, , . - web.config

FormsAuthentication.RedirectFromLoginPage("Bob", isPersistent)

, UserData , . , web.config .

/// <summary>
/// Create a New Forms Authentication Ticket when User Impersonation is active, using the current ticket as a basis for the new ticket.
/// </summary>
private static void NewTicket(MyUser currentUser, 
                              string userData, 
                              bool createPersistentCookie)
{
    System.Web.Configuration.AuthenticationSection authSection =
        (System.Web.Configuration.AuthenticationSection)
        ConfigurationManager.GetSection("system.web/authentication");

    System.Web.Configuration.FormsAuthenticationConfiguration 
        formsAuthenticationSection = authSection.Forms;

    DateTime now = DateTime.Now;

    // see http://msdn.microsoft.com/en-us/library/kybcs83h.aspx
    // Create a new ticket used for authentication
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        2,                                          // Ticket version
        currentUser.UserName,                       // Username to be associated with this ticket
        now,                                        // Date/time issued
        now.Add(formsAuthenticationSection.Timeout),// Date/time to expire
        createPersistentCookie,
        userData,
        FormsAuthentication.FormsCookiePath);

    // Hash the cookie for transport over the wire
    string hash = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(
        FormsAuthentication.FormsCookieName,    // Name of auth cookie (specified in web.config)
        hash);                                  // Hashed ticket

    // Add the cookie to the list for outbound response
    HttpContext.Current.Response.Cookies.Add(cookie);
}

, . , Ticket.UserData. .

+3

, - - -

node web.config.

<sessionState mode="InProc"
                    cookieless="true"
                    timeout="60"/>
+2

, .

. SO ASP.NET.

Update:

- , , 10

Logged Out = Forms Authentication Session (State) (, ).

The simple answer is not storing data in sessions. See this SO question , which seems similar to what you want.

0
source

Source: https://habr.com/ru/post/1722237/

More articles:


All Articles