我有一個asp.net mvc 3網站,擁有我自己的授權屬性。當我在用戶登錄進行形式驗證cookie的我錯過了什麼?我的表單超時不會超時會話
public void SetAuthCookie(string userName, string userData = "",int version = 1)
{
DateTime expiry = DateTime.UtcNow.AddMinutes(30);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(version, userName, DateTime.UtcNow, expiry, false, userData, "/");
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) {Path = "/"};
HttpContext.Current.Response.Cookies.Add(authCookie);
}
// AuthorizeAttribute
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException("httpContext");
}
if (httpContext.User.Identity.IsAuthenticated)
{
return true;
}
return false;
}
所以,我去我的網站登錄,等待我的網站超時。然後我做一個請求(它是一個Ajax請求),它首先通過我的屬性和httpContext.User.Identity.IsAuthenticated
仍設置爲true
即使我沒有請求到服務器3分鐘
<authentication mode="Forms">
<forms loginUrl="~/Account"
protection="All"
name=".MySite"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"
timeout="1"
/>
</authentication>