问题
So, my application is being odd in the fact that when you login you will stay logged in for a page or two then get lost. My settings are this:
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" timeout="20"/>
</authentication>
<authorization>
<allow users="*" />
</authorization>
<membership defaultProvider="MySqlConnection" userIsOnlineTimeWindow="45">
<providers>
<clear />
<add name="MySqlConnection" type="System.Web.Security.SqlMembershipProvider" connectionStringName="MySqlConnection"
applicationName="HQChannel"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredNonalphanumericCharacters="0"
minRequiredPasswordLength="6" />
</providers>
</membership>
Thanks for your help.
回答1:
2 things stand out for me here. First is that you're allowing * users instead of ? users. * means anonymous, ? means authenticated. I'd change it to the following & see if that helps...
<authorization>
<allow users="?" />
<deny users="*" />
</authorization>
2nd thought would be that you'd want to add slidingExpiration="true" to your authentication block. That'll make the login into a sliding window - so they only get logged out after 20 minutes of inactivity...
<forms name=".ASPXFORMSAUTH" timeout="20" slidingExpiration="true" />
回答2:
I would also check the code and see if the forms authentication ticket is being overridden with a different timeout as in the sample below.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
(
1, // version
txtEmail.Text, // name
DateTime.Now, // issueDate
DateTime.Now.AddMinutes(30), // expiration
false, // isPersistent
roles, // userData
FormsAuthentication.FormsCookiePath // cookiePath
);
If the settings are explicitly overwritten from code then the web.config settings won't work as expected.
来源:https://stackoverflow.com/questions/508316/asp-net-membership-staying-authenticated-issues