Cookie.ExpireTimeSpan ignored and set to Session in CookieAuthentication

I'm having a problem when trying to set the expire time of a cookie in CookieAuthentication. It seems ExpireTimeSpan is ignored: when I get the cookie in the browser, its expiration time is set to Session.

I'm using C# 8.0 with .NET Core 3.1, and this is my ConfigureServices code:

    public void ConfigureServices(IServiceCollection services)
    {

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options => {
            options.Cookie.Name = "authToken";
            options.ExpireTimeSpan = TimeSpan.FromMinutes(120);
            options.Events = new CookieAuthenticationEvents()
            {
                OnRedirectToLogin = (context) =>
                {
                    context.HttpContext.Response.Redirect("https://example.com/test/expired.html");
                    return Task.CompletedTask;
                }
            };
        });
        services.AddControllers();
    }

But this is how I get it.

I have an application in .NET Core 3.1, and my ConfigureServices looks like this:

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        //options.Cookie = new CookieBuilder() { Name = "EcomAuth" };
        options.LoginPath = "/Account/Login/";
        options.AccessDeniedPath = "/Account/AccessDenied";
        options.LogoutPath = "/Account/Logout";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(120);
    });

Due to some error, the code stopped working when I set the cookie name, so that line is commented out. This is my login action:

    List<Claim> claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, user.Name, ClaimValueTypes.String),
        new Claim(ClaimTypes.Role, userType.Name, ClaimValueTypes.String),
        new Claim("Idusuario", user.IdUser.ToString(), ClaimValueTypes.String),
    };

    ClaimsIdentity identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

    var authProperties = new AuthenticationProperties
    {
        AllowRefresh = true,
        ExpiresUtc = DateTime.UtcNow.AddMinutes(120),
        IsPersistent = true,
        RedirectUri = "https://localhost:44318/Account/Logout"
    };

    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity), authProperties);

It works fine for me.

options.ExpireTimeSpan = TimeSpan.FromMinutes(120); indicates how long the authentication ticket itself is valid.

Controls how much time the authentication ticket stored in the cookie will remain valid from the point it is created. The expiration information is stored in the protected cookie ticket. Because of that an expired cookie will be ignored even if it is passed to the server after the browser should have purged it.

This is separate from the value of , which specifies how long the browser will keep the cookie.

Docs

You want to use the Expiration property on the Cookie property to control cookie expiration.

    public void ConfigureServices(IServiceCollection services)
    {

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options => {
            options.Cookie.Name = "authToken";
            /// control cookie expiration
            options.Cookie.Expiration = TimeSpan.FromMinutes(120);
            options.ExpireTimeSpan = TimeSpan.FromMinutes(120);
            options.Events = new CookieAuthenticationEvents()
            {
                OnRedirectToLogin = (context) =>
                {
                    context.HttpContext.Response.Redirect("https://example.com/test/expired.html");
                    return Task.CompletedTask;
                }
            };
        });
        services.AddControllers();
    }

Alternatively, you can also set the MaxAge property.

For my new ASP.NET MVC 6 project, ExpireTimeSpan doesn't work, but MaxAge works well.

    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        options.Cookie.MaxAge = TimeSpan.FromMinutes(120);
    })