Forms authentication cookie replacement

Keywords: replacement, cookie, authentication, forms | Updated: 2023-09-27 18:06:10

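I have a problem where users get kicked out after the forms authentication ticket is renewed and the old one has expired. The first ticket I get when signing in is:

Ticket: A094D6F0401A5B6D97688198B09F17B03D209 ............end: Thu, 28 Mar 2013 08:56:33 GMT

After a while the ticket is renewed and I get this cookie: (the cookie expires when the ticket expires, so that is not a problem)

Ticket: 215373 e662852ad0cc540ac27f547787 .............end: Thu, 28 Mar 2013 08:58:17 GMT

The ticket is renewed for the user in the background by a JavaScript reloader. Now, if I refresh the page, I get kicked out. Why? When I renew the ticket, I use this: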

    var Id = (FormsIdentity)HttpContext.Current.User.Identity;
    var Ticket = Id.Ticket;
    var NewAuthTicket = FormsAuthentication.RenewTicketIfOld(Ticket);
    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(new FormsIdentity(NewAuthTicket), new[] {""});
    if (NewAuthTicket != null && NewAuthTicket.Expiration > Ticket.Expiration)
    {
        // Create the (encrypted) cookie.
        var ObjCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                       FormsAuthentication.Encrypt(NewAuthTicket))
                            {
                                HttpOnly = true,
                                Expires = NewAuthTicket.Expiration,
                                Secure = FormsAuthentication.RequireSSL
                            };
        // Add the cookie to the list for outbound response.
        HttpContext.Current.Response.Cookies.Add(ObjCookie);
        Ticket = NewAuthTicket;
    }

Is there any solution?

Update:

When I first set the cookie, I use this:

    var ExpiryDate = !DateTime.Now.AddMinutes(cookieTimeoutHour): DateTime.Now.AddYears(1);

    //create a new forms auth ticket
    var Ticket = new FormsAuthenticationTicket(2, ui.UserNr.ToString(CultureInfo.InvariantCulture), DateTime.Now, ExpiryDate, true, String.Empty);
    //encrypt the ticket
    var EncryptedTicket = FormsAuthentication.Encrypt(Ticket);
    //create a new authentication cookie - and set its expiration date
    var AuthenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, EncryptedTicket)
                                   {
                                       Expires = Ticket.Expiration,
                                       HttpOnly = true,
                                       Secure = FormsAuthentication.RequireSSL
                                   };

    Current.Response.Cookies.Add(AuthenticationCookie);

Forms authentication cookie replacement

Why do all this work when a simple keep-alive on the client page will keep the forms authentication cookie alive?

jQuery example:

    $(function() {
        window.setInterval(keepalive, 600000); // run keepalive every 10 mins
    });
    function keepalive()
    {
        $.get({url:'/myemptykeepalivepage.aspx',cache:false});
    }

When the client closes the browser, the interval function is cancelled and the forms authentication ticket expires naturally.
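
How the keep-alive interval in the answer interacts with the server's renewal rule, as an added example that is not part of the original posts: a JavaScript model of sliding expiration as applied by `FormsAuthentication.RenewTicketIfOld`, replayed against a keep-alive timer. It assumes `slidingExpiration` is enabled; the function names, ticket fields and timeout values are hypothetical.

```javascript
// Added example: models sliding expiration for a forms authentication ticket.
// Function and field names are hypothetical; times are in milliseconds.
const MINUTE = 60 * 1000;

// Same rule as FormsAuthentication.RenewTicketIfOld: reissue the ticket only
// once at least half of its lifetime has elapsed, keeping the same lifetime.
function renewTicketIfOld(ticket, now) {
  const age = now - ticket.issued;
  const remaining = ticket.expires - now;
  if (remaining > age) return ticket; // first half of lifetime: no new cookie
  return { issued: now, expires: now + (ticket.expires - ticket.issued) };
}

// Replays one keep-alive request every intervalMs until durationMs.
function simulateKeepAlive(timeoutMs, intervalMs, durationMs) {
  let ticket = { issued: 0, expires: timeoutMs };
  const renewals = [];
  for (let now = intervalMs; now <= durationMs; now += intervalMs) {
    // Assumption: a ticket is treated as expired at its exact expiry instant.
    if (now >= ticket.expires) {
      return { alive: false, expiredAt: ticket.expires, renewals };
    }
    const next = renewTicketIfOld(ticket, now);
    if (next !== ticket) renewals.push(now);
    ticket = next;
  }
  return { alive: true, expiredAt: null, renewals };
}

// Constructed scenarios: the 10-minute interval from the answer against a
// 30-minute and a 5-minute ticket timeout, over two hours.
for (const timeoutMin of [30, 5]) {
  const r = simulateKeepAlive(timeoutMin * MINUTE, 10 * MINUTE, 120 * MINUTE);
  console.log(`timeout ${timeoutMin} min:`, r.alive ? "alive" : "expired",
    "renewed at (min):", r.renewals.map((t) => t / MINUTE));
}
```

The keep-alive only works when its interval is shorter than the ticket timeout, and while the page stays open the configured timeout no longer bounds an unattended session.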