问题
I need help figuring out why my authentication ticket is expiring after about an hour on my hosted website. But if I run the site locally the authentication ticket stays alive for the correct amount of time.
This is my localhost web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="20160" slidingExpiration="true" path="/" />
</authentication>
and this is my hosted web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="20160" slidingExpiration="true" domain=".mywebsite.com" path="/" />
</authentication>
I know the authentication ticket is being created because:
- I can see it in the browser cookies
- I stay logged in even after closing the browser and reopening
- I stay logged in even after website recycles (changing and saving web.config to recycle it)
When I check the cookie expiration date in the browser it's 2 weeks later. However, after about an hour my authentication always expires.
What can I do to figure out why the hosted website's authentication is expiring so early? I don't know how to go about resolving this problem since it's my hosted website that is the only one having problems.
Update 1: After waiting 1 hour, I check my browser and I see the cookie still exists. In fact it's expiration date is set for 2 weeks later. But if I reload the page or try going to any pages that requires authentication I am taken to the login page.
回答1:
I added a machinekey entry in system.net. Something like this:
<machineKey validationKey="aaa"
decryptionKey="bbb" validation="SHA1" />
and now it keeps the user logged in. However, now it seems like I am having performance issues. The page used to take roughly 500ms to load now takes about double that time.
回答2:
I would try several things in troubleshooting this:
- IIS version & settings between your localhost & hosting. Most likely there are some differences in application pool setting
- In IIS 7, there is a special setting for this: read here
回答3:
Have you asked your hosting provider if the machine.config has this set to a diferent value? Settings on machine.config will override the web.config.
来源:https://stackoverflow.com/questions/851557/figuring-out-why-asp-net-authentication-ticket-is-expiring