我有一个asp.net mvc 3网站,拥有我自己的授权属性。当我在用户登录进行形式验证cookie的我错过了什么?我的表单超时不会超时会话
public void SetAuthCookie(string userName, string userData = "",int version = 1)
{
DateTime expiry = DateTime.UtcNow.AddMinutes(30);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(version, userName, DateTime.UtcNow, expiry, false, userData, "/");
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) {Path = "/"};
HttpContext.Current.Response.Cookies.Add(authCookie);
}
// AuthorizeAttribute
public class MyAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException("httpContext");
}
if (httpContext.User.Identity.IsAuthenticated)
{
return true;
}
return false;
}
所以,我去我的网站登录,等待我的网站超时。然后我做一个请求(它是一个Ajax请求),它首先通过我的属性和httpContext.User.Identity.IsAuthenticated
仍设置为true
即使我没有请求到服务器3分钟
<authentication mode="Forms">
<forms loginUrl="~/Account"
protection="All"
name=".MySite"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"
timeout="1"
/>
</authentication>