asp.net-mvc - MVC 5注销超时

Question

要求用户每20分钟左右登录一次。

不知道在哪里看的情况之一。我正在使用C#MVC 5 IdentityFramework 1.0.0

我想将超时时间设为4小时。

到目前为止，我已经在web.config中尝试过:

<system.web>
  <sessionState timeout="2880"></sessionState>
      <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
  </authentication>
</system.web>

并在Startup.Auth.sc中:

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            ExpireTimeSpan = TimeSpan.FromHours(4),
            CookieSecure = CookieSecureOption.Never,
            CookieHttpOnly = false,
            SlidingExpiration = true,
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });

我想念什么？

编辑-解决方案

解决方案是将machineKey放在system.web下的web.config中。可以找到 key 生成器 http://aspnetresources.com/tools/machineKey

我还迁移到了Identity 2.0，并保留了这些设置。使用此博客作为向导进行迁移: http://typecastexception.com/post/2014/07/13/ASPNET-Identity-20-Extending-Identity-Models-and-Using-Integer-Keys-Instead-of-Strings.aspx

Answer 1

即使您在本地运行站点，它也会发生吗？看看this blog post描述了类似的情况。

博客文章的重点是:

...remember that Forms Authentication uses the computer’s machineKey to encrypt the Forms Authentication cookie. "Could the machine key be changing over time on my shared hosting server?", I wondered.

Before emailing them to ask, I looked at the documentation on MSDN for machineKey and discovered that there is an AutoGenerate mode that can be set to regenerate a new machineKey each time the host process for a web application starts up…after 20 minutes of inactivity! Ah ha!